TITLE: Compaq Web-Enabled Management Software Security Patch

PRODUCTS AFFECTED:
  Compaq Insight Management Agents for Servers
  Compaq Survey Utility
  Compaq Power Management
  Compaq Intelligent Cluster Administrator
  Compaq Availability Agents
  Compaq Insight Manager XE

OPERATING SYSTEM: Microsoft Windows NT 4.0 and Windows 2000

EFFECTIVE DATE: February 28, 2001

DESCRIPTION:

Compaq softpaq/component 16289, recently posted on the Compaq website, addresses a potential issue that can significantly affect the web-enabled Compaq management software (Compaq HTTP server) during startup. On rare occasions, when a system has been running for a couple of days, the cookie.dat file generates a cookie with a 0 sequence number stored in it. A 0 sequence number can cause the HTTP Server to go through an incorrect code path, which can significantly impact the HTTP Server during startup. Compaq recommends that you download and apply the fix as soon as possible.

This batch file copies the files needed to fix a potential security issue in the web-enabled portion of the products listed above. The vulnerability can allow an attacker either to crash the web-enabled portion of the agent or to execute introduced code at the access level of the web-based management process.

If you are running a Compaq Insight Manager XE version earlier than 2.0, please upgrade to version 2.0 or greater.

HOW TO USE:

1. Place all the associated files (see the file list at the end of this text file) in a single directory on your hard drive. From a DOS command shell, change to that drive and directory and type:

      patchweb patch

   This will replace the necessary files.

HOW TO RESTORE YOUR ORIGINAL CONFIGURATION:

1. To restore the original versions of the patched files, type:

      patchweb restore

FILE LIST:
  patchweb.txt
  patchweb.bat
  findver.exe
  regtool.exe
  cpqhmmo.fre
  cpqlogin.frm
  Default.frm
  strexp.exe

Copyright 2001, Compaq Computer Corporation. All rights reserved.
Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies.