Lucene search

[email protected]CVE-2013-6221

HistoryJun 18, 2014 - 4:55 p.m.

CVE-2013-6221

2014-06-1816:55:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2013-6221

directory traversal

hp service virtualization

autopass license server

remote code execution

security vulnerability

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.

CPENameOperatorVersion
hp:service_virtualizationhp service virtualizationeq3.0

CPE	Name	Operator	Version
hp:service_virtualization	hp service virtualization	eq	3.0

References

packetstormsecurity.com/files/127247/HP-AutoPass-License-Server-File-Upload.html

www.exploit-db.com/exploits/33891

www.osvdb.org/107943

www.securitytracker.com/id/1030385

zerodayinitiative.com/advisories/ZDI-14-195/

github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_autopass_license_traversal.rb

h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04333125

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

Related for CVE-2013-6221

packetstorm1 nessus1 securityvulns2 prion1 zdt1 cvelist1 checkpoint_advisories1 zdi1