What Port 2301 Does
Port 2301 lives in the registered port range (1024-49151). IANA lists it as unassigned — no official protocol, no official owner. But in practice, if you see it open on a server, there's a strong chance you're looking at old HP or Compaq hardware management software.
Specifically: Compaq/HP Systems Management Homepage (cpq-wbem). Port 2301 was the HTTP interface. Its entire purpose was to receive your unencrypted request and immediately redirect you to port 2381, where the real HTTPS management interface lived.
Port 2301 was a bouncer whose only line was: "You want 2381."
The HP/Compaq Server Management World
HP ProLiant servers shipped with embedded management agents — software running on the server itself that let administrators remotely monitor hardware health: temperature, fan status, RAID arrays, firmware versions, drive failures. You could catch a dying disk before it took down the system.
The management homepage ran on two ports:
- 2301 — HTTP, the redirect
- 2381 — HTTPS, the actual interface
The service name cpq-wbem reflects the Compaq acquisition era (HP acquired Compaq in 2002) and the WBEM standard (Web-Based Enterprise Management), a late-90s initiative to standardize how software could query hardware state.1
The CVE
A redirect port sounds harmless. It wasn't.
CVE-2004-0658: A buffer overflow in the HTTP service on port 2301 in Compaq Insight Manager could be triggered to crash the service or potentially execute arbitrary code.2 The port that existed only to say "go to 2381" was itself a foothold.
This was 2004. The era when "it's just a redirect" was the last defense.
Is It Unassigned?
Yes. IANA's official registry does not assign port 2301 to any service.3 The cpq-wbem association is widely documented in third-party databases and was a de facto use that predates and outlasted any formal registration attempt.
If you're doing a security audit and see port 2301 open, you're likely looking at:
- A legacy HP/Compaq server with management agents still running
- Software that hasn't been updated since the mid-2000s
- A potential attack surface worth investigating
How to Check What's Listening
On Linux/macOS:
On Windows:
On a remote host (from outside):
Why Unassigned Ports Matter
The registered range (1024-49151) has thousands of ports. IANA registers the ones that matter — but registration is voluntary, and many services picked ports, shipped products, and moved on without asking. Port 2301 is one of thousands of ports with a real history that IANA's registry doesn't capture.
The port number is real. The history is real. The CVE is real. The registry just never caught up.
Frequently Asked Questions
Беше ли полезна тази страница?