HP HTTP Server Trusted Certificate Compromise Vulnerability

The HP HTTP Server included with HP Web-Enabled Management Software (Compaq Web Management) allows users to upload client-side certificates that will authenticate them against the service. This vulnerability only exists if the Anonymous Access option is enabled. This option is not enabled by default.

This vulnerability is reported to exist on HP HTTP Server versions 5.0 through 5.92.


Privacy Statement
Copyright 2010, SecurityFocus