Computer Security


HP Operations Orchestration security vulnerabilities
updated since 08.01.2014
Published: 03.03.2014
Source:
SecurityVulns ID: 13491
Type: remote
Threat Level: 5/10
Description: XSS, CSRF, unauthorized access.
Affected: HP : HP Operations Orchestration 9
 HP : HP Operations Orchestration 10.01
CVE: CVE-2013-6192 (Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2013-6191 (Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2013-2071 (java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.)
Original document: HP, [security bulletin] HPSBMU02966 rev.1 - HP Operations Orchestration, Unauthorized Access to Information (03.03.2014)
 HP, [security bulletin] HPSBGN02951 rev.1 - HP Operations Orchestration, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) (08.01.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod