3 matches found
[security bulletin] HPSBMU02792 SSRT100820 rev.1 - HP Business Service Management (BSM), Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS)
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03377648 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03377648 Version: 1 HPSBMU02792...
CVE-2012-2561
CVE-2012-2561 affects HP Business Service Management (BSM) 9.12 where uploading a .war file to the JBOSS component can lead to remote JSP code execution via crafted requests to TCP ports 1098/1099/4444. The root cause is improper restriction of .war uploads, enabling an attacker to deploy a JSP s...
HP Business Service Management Remote Code Execution
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444. Recent assessments: wchen-r7 at Septembe...