SOFTPAQ NUMBER: SP23548
PART NUMBER: N/A
FILE NAME: SP23548.EXE
TITLE: HP Web-Enabled Management Software Security Patch
VERSION: 4.x, 5.x
LANGUAGE: English
CATEGORY: Software Solutions
DIVISIONS: Systems
PRODUCTS AFFECTED:
    HP Management Agents
    Power Management
    Version Control Repository Agent
    Version Control Agent
    Insight Manager 7
    Array Configuration Utility
OPERATING SYSTEM: Microsoft Windows NT 4.0, Windows 2000, and Windows .NET
SYSTEM CONFIGURATION: N/A
PREREQUISITES: N/A
EFFECTIVE DATE: July 13, 2003
ELECTRONIC DISTRIBUTION ALLOWED: Yes
SOFTPAQ UTILITY VERSION: 5.7
SUPERSEDES: N/A

DESCRIPTION:
HP web-enabled Management Software running HTTP Server versions less than 4.40 and versions 5.0 through 5.5 for Microsoft Windows NT 4.0, Windows 2000, and Windows .NET 2003 is susceptible to a security vulnerability wherein a malicious user with HTTP access could halt the web-enabled Management Software by executing cross-site scripts on managed devices. It is also susceptible to two OpenSSL timing attack vulnerabilities that have been addressed in recent OpenSSL releases. The affected management software is listed above. HP strongly recommends that you update your software as soon as possible to remove these vulnerabilities.

HOW TO USE:
Place all the associated files (see the file list at the end of this text file) in a single directory on your hard drive. From a DOS command shell, change to that drive and directory and type:

    patchweb patch

This will replace the necessary files.

Troubleshooting Note: In some circumstances, Windows will not stop a service indicated in this patch. When this occurs, an error message will appear at the end of the patch (in the DOS command shell) indicating that the service could not be stopped or that a file could not be copied (the error message would say "The process cannot access the file because it is being used by another process"). When this problem occurs, it may be helpful to re-run the patch file, or to use Windows Services to manually stop the service and then re-run the patch.

HOW TO RESTORE YOUR ORIGINAL CONFIGURATION:
To restore the original versions of the patched files, type:

    patchweb restore

FILE LIST:
    SP23548.txt
    patchweb.bat
    findver.exe
    regtool.exe
    strexp.exe
    cpqhmmo1.fre
    cpqhmmo2.fre

Copyright 2003 Hewlett-Packard Development Company, L.P.