VULHUB ™

A vulnerability exists in the web-enabled management software component of a number of Compaq products. The product works through TCP port :2301 to provide an administrator with a management console via HTTP and a browser. Traffic from within a protected network may be able to bypass the restrictions of that network's proxy server or firewall via port 2301, which is typically reserved for use by the management software. In addition, traffic from an external network (ie the Internet) can reach a protected network through the same port if the protected network does not have other firewalling measures in place. This ability to send traffic to and from a protected network, circumventing the installed proxy server's normal restrictions, may allow an attacker to exploit other security vulnerabilities in the hosts on the protected network. Additionally, this vulnerability will disclose confidential information about the network infrastructure.

A vulnerability exists in the web-enabled management software component of a number of Compaq products. The product works through TCP port :2301 to provide an administrator with a management console via HTTP and a browser. Traffic from within a protected network may be able to bypass the restrictions of that network's proxy server or firewall via port 2301, which is typically reserved for use by the management software. In addition, traffic from an external network (ie the Internet) can reach a protected network through the same port if the protected network does not have other firewalling measures in place. This ability to send traffic to and from a protected network, circumventing the installed proxy server's normal restrictions, may allow an attacker to exploit other security vulnerabilities in the hosts on the protected network. Additionally, this vulnerability will disclose confidential information about the network infrastructure.