10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.948 High
EPSS
Percentile
99.3%
Added: 12/18/2013
CVE: CVE-2013-4837
BID: 63475
OSVDB: 99231
HP LoadRunner is a software performance testing solution.
A directory traversal vulnerability in the Virtual User Generator EmulationAdmin service allows remote attackers to upload files to arbitrary locations using the copyFileToServer method. The files could then be executed via an HTTP request.
Apply LoadRunnner patch v11.52.1, which can be downloaded from HP Software Support Online (SSO).
<https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03969437>
<http://www.zerodayinitiative.com/advisories/ZDI-13-259/>
Exploit works on HP LoadRunner 11.52. HP LoadRunner must be installed in the standard installation path.
Windows