Compaq Insight Possible Problem


Summary

The web server included in Compaq Insight Manager could expose sensitive information. Anyone who has access to port 2301 on a host where Compaq Insight Manager is installed could get unrestricted access to the server's disk through the "root dot dot" bug.

The problem

Installing Compaq Insight Manager also installs a web server. This web server runs on port 2301 and could be vulnerable to the old "root dot dot" bug, which gives unrestricted access to the vulnerable server's disk. It could easily be exploited with one of the URLs:

Vulnerable versions include Compaq HTTP servers 1.2.14, 1.2.15, 1.3.12, 1.4.10.

Fix

Where possible, disable the Compaq HTTP server. If not practical, upgrade to a non-vulnerable version.
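
Added example, not part of the original advisory: a Python check that flags logged requests whose path climbs above the web root, the pattern the "root dot dot" bug relies on. The log layout (client, method, path), the function names and the sample lines are constructed assumptions; adapt the parser to whatever proxy or firewall logs sit in front of port 2301.

```python
from urllib.parse import unquote

# Constructed sample lines in an assumed "client method path" layout; the
# Compaq HTTP server's real log format is not given in the advisory.
SAMPLE_LOG = """\
192.0.2.10 GET /index.htm
192.0.2.10 GET /images/../index.htm
198.51.100.7 GET /../../../placeholder.txt
198.51.100.7 GET /%2e%2e/%2e%2e/placeholder.txt
"""


def escapes_root(raw_path, max_decode_rounds=3):
    """Return True if the request path resolves to a location above the web root."""
    path = raw_path.split("?", 1)[0]
    # Decode repeatedly so nested percent-encoding cannot hide the dots.
    for _ in range(max_decode_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    depth = 0
    # Treat backslashes as separators too, as some servers accept both.
    for segment in path.replace("\\", "/").split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:  # climbed past the document root
                return True
        else:
            depth += 1
    return False


def find_traversal_requests(log_text):
    """Return (client, path) pairs for logged requests that escape the root."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not match the assumed layout
        client, _method, path = fields
        if escapes_root(path):
            hits.append((client, path))
    return hits


if __name__ == "__main__":
    for client, path in find_traversal_requests(SAMPLE_LOG):
        print(f"traversal attempt from {client}: {path}")
```

A request such as `/images/../index.htm` is not flagged because it stays inside the root; only paths that resolve above it are reported.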
