Lucene search

[email protected]CVE-2013-6221

HistoryJun 18, 2014 - 4:55 p.m.

CVE-2013-6221

2014-06-1816:55:06

CWE-22

[email protected]

web.nvd.nist.gov

cve-2013-6221

directory traversal

hp service virtualization

autopass license server

remote code execution

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.971

Percentile

99.8%

JSON

Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.

Affected configurations

NVD

Node

hpservice_virtualizationMatch3.0

VendorProductVersionCPE
hpservice_virtualization3.0cpe:/a:hp:service_virtualization:3.0:::

Vendor	Product	Version	CPE
hp	service_virtualization	3.0	cpe:/a:hp:service_virtualization:3.0:::

References

packetstormsecurity.com/files/127247/HP-AutoPass-License-Server-File-Upload.html

www.exploit-db.com/exploits/33891

www.osvdb.org/107943

www.securitytracker.com/id/1030385

zerodayinitiative.com/advisories/ZDI-14-195/

github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_autopass_license_traversal.rb

h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04333125

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.971

Percentile

99.8%

JSON

Related for CVE-2013-6221

packetstorm1 checkpoint_advisories1 nvd1 zdi1 nessus1 securityvulns2 zdt1 cvelist1 prion1