SOFTPAQ NUMBER: SP25747
PART NUMBER: N/A
FILE NAME: SP25747.EXE
TITLE: HP Web-Enabled Management Software Security Patch
VERSION: 5.x
LANGUAGE: English
CATEGORY: Software Solutions
DIVISIONS: Systems

PRODUCTS AFFECTED:
  HP Management Agents
  Power Management
  Version Control Repository Agent
  Version Control Agent
  Insight Manager 7
  Array Configuration Utility
  Survey

OPERATING SYSTEM: Microsoft Windows NT 4.0, Windows 2000, and Windows .NET
SYSTEM CONFIGURATION: N/A
PREREQUISITES: N/A
EFFECTIVE DATE: January 30, 2004
ELECTRONIC DISTRIBUTION ALLOWED: Yes
SOFTPAQ UTILITY VERSION: 5.93
SUPERSEDES: N/A

DESCRIPTION:

As part of an ongoing commitment to software quality, an issue has been discovered within the HP HTTP Server, a component of HP Web Based Management Products, running HTTP Server versions 5.0 through 5.92 for Microsoft Windows NT 4.0, Windows 2000, and Windows .NET 2003.

The issue creates a vulnerability in the HP HTTP Server if "Anonymous Access" is enabled. The vulnerability is only present when "Anonymous Access" is enabled. By default, HP Web Based Management Products are configured with "Anonymous Access" disabled.

You can check the HP HTTP Server version by viewing the bottom left corner of the System Management Homepage. For some older versions, you will have to hover over the copyright line.

HP strongly recommends that you update your software as soon as possible to remove these vulnerabilities.

HOW TO USE:

Have all the associated files (see file list at the end of this text file) in a single directory on your hard drive. From a DOS command shell change to that drive and directory and type:

  patchweb patch

This will replace the necessary files.

Troubleshooting Note: In some circumstances, Windows will not stop a service indicated in this patch. When this occurs, an error message will appear at the end of the patch (on the DOS command shell) that indicates that the service could not be stopped or that a file could not be copied (the error message would say "The process cannot access the file because it is being used by another process"). When this problem occurs, it may be helpful to re-run the patch file again or to use Windows Services to manually stop the service and then re-run the patch.

HOW TO RESTORE YOUR ORIGINAL CONFIGURATION:

To restore the original versions of the patched files type:

  patchweb restore

FILE LIST:
  SP25747.txt
  patchweb.bat
  findver.exe
  regtool.exe
  strexp.exe
  cpqhmmo2.fre
  cpqlogin.frm

Copyright 2004 Hewlett-Packard Development Company, L.P.