HPE Intelligent Management Center arbitrary file upload vulnerability


HPE Intelligent Management Center (IMC) is a popular management system designed to integrate the management of devices, services and users. It provides features and functions that are designed for comprehensive management of the network infrastructure. An arbitrary file upload vulnerability exists in the HPE Intelligent Management Center. The server application that handling the file upload fails to filter the file extension when handling certain HTTP request, causing a arbitrary file upload vulnerability. An attacker could send a crafted HTTP POST request to the server url, uploading malicious scripts and execute them under the privilege of the server process.

HPE IMC’s server side is based on the Java servlets. Such servlets include one called FileUploadServlet, which supports the upload of XML files. It is mapped to the following URL:


This interface and a method called doPost() will handle the HTTP parameters and execute the file uploading logic. The POST parameter “name” determines the filename on the server side. However, the code doesn’t check the file extension carries in this parameter. An attacker could send a malicious request to the server application, renaming the file to a server side executable format, such as jsp or jspx, and get a webshell.

 String fileName = s + "/" + URLDecoder.decode(item.getFieldName(), "UTF-8"); log.debug("flex UploadFileName:" + fileName);  //Rename the uploaded file without any filtering File file = new File(fileName); if (log.isDebugEnabled()) {     log.debug("FileItem :" + item.getName() + "size:" + item.getSize() + "isInMemory:" + item.isInMemory());     log.debug("FileInfo:uploadFileName:" + file.getAbsolutePath()); }

SonicWall Capture Labs Threat Research team has developed the following signature to identify and stop the attacks:

  • IPS 13056: HPE Intelligent Management Center Arbitrary File Upload
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.