Lucene search
SAINT CorporationSAINT:BB8A5008F0A2B1AAC9E17FBB77DDA58FHistoryDec 18, 2013 - 12:00 a.m.
HP LoadRunner Virtual User Generator EmulationAdmin service directory traversal
2013-12-1800:00:00
SAINT Corporation
download.saintcorporation.com
16
0.946 High
EPSS
Percentile
99.3%
Added: 12/18/2013
CVE: CVE-2013-4837
BID: 63475
OSVDB: 99231
Background
HP LoadRunner is a software performance testing solution.
Problem
A directory traversal vulnerability in the Virtual User Generator EmulationAdmin service allows remote attackers to upload files to arbitrary locations using the copyFileToServer method. The files could then be executed via an HTTP request.
Resolution
Apply LoadRunnner patch v11.52.1, which can be downloaded from HP Software Support Online (SSO).
References
<https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03969437>
<http://www.zerodayinitiative.com/advisories/ZDI-13-259/>
Limitations
Exploit works on HP LoadRunner 11.52. HP LoadRunner must be installed in the standard installation path.
Platforms
Windows
Related
zdi
zdi
zdt
zdt
HP LoadRunner EmulationAdmin Web Service Directory Traversal
2013-12-11 00:00:00
cve
cve
CVE-2013-4837
2022-10-03 16:14:58
saint
saint
cvelist
cvelist
CVE-2013-4837
2022-10-03 16:14:58
packetstorm
packetstorm
HP LoadRunner EmulationAdmin Web Service Directory Traversal
2013-12-11 00:00:00
prion
prion
Security feature bypass
2013-11-04 16:55:00
nvd
nvd
CVE-2013-4837
2013-11-04 16:55:04
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
[security bulletin] HPSBMU02935 rev.1 - HP LoadRunner Virtual User Generator, Remote Code Execution
2013-11-05 00:00:00
HP LoadRunner code execution
2013-11-05 00:00:00
nessus
nessus
HP LoadRunner < 11.52 Patch 1 Multiple Vulnerabilities
2013-11-09 00:00:00