HP OpenView Performance Insight code execution
Published:		11.03.2010
Source:		BUGTRAQ
SecurityVulns ID:		10682
Type:		remote
Level:		6/10
Description:		It's possible to upload JSP page to server.

Affected:		HP : Performance Insight 5.4
CVE:		CVE-2010-0447 (The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.)

Original document		ZDI, ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability (11.03.2010)
		HP, [security bulletin] HPSBMA02489 SSRT090065 rev.1 - HP Performance Insight , Remote Execution of Arbitrary Commands (11.03.2010)

Discuss:

Read or add your comments to this news (0 comments)