Main Vulnerability Database Vulnerabilities #VU40892

Information disclosure in Universal Configuration Management Database - CVE-2014-7883

Published: February 15, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40892

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2014-7883

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: HPE

Affected software:
Universal Configuration Management Database

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response.

How to mitigate CVE-2014-7883

Install update from vendor's website.

Sources

http://www.kb.cert.org/vuls/id/867593
http://www.securitytracker.com/id/1031688
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04553906

Information disclosure in Universal Configuration Management Database - CVE-2014-7883

Detailed vulnerability description

How to mitigate CVE-2014-7883

Sources

Please verify you're human