SAINT Corporation, SAINT:BB8A5008F0A2B1AAC9E17FBB77DDA58F
Dec 18, 2013 - 12:00 a.m.

HP LoadRunner Virtual User Generator EmulationAdmin service directory traversal

download.saintcorporation.com

EPSS: 0.946 (High)
Percentile: 99.3%

Added: 12/18/2013
CVE: CVE-2013-4837
BID: 63475
OSVDB: 99231

Background

HP LoadRunner is a software performance testing solution.

Problem

A directory traversal vulnerability in the Virtual User Generator EmulationAdmin service allows remote attackers to upload files to arbitrary locations using the copyFileToServer method. The files could then be executed via an HTTP request.

Resolution

Apply LoadRunner patch v11.52.1, which can be downloaded from HP Software Support Online (SSO).

References

<https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03969437>
<http://www.zerodayinitiative.com/advisories/ZDI-13-259/>

Limitations

Exploit works on HP LoadRunner 11.52. HP LoadRunner must be installed in the standard installation path.

Platforms

Windows
