ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability

ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-026 March 9, 2010 -- CVE ID: CVE-2010-0447 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Performance Insight --...

CVE-2010-0447

HP OVPI CVE-2010-0447 affects HP OpenView Performance Insight (OVPI) 5.4 and earlier. The vulnerability lies in the helpmanager servlet of the web server, where insufficient input validation and authentication allow remote attackers to upload arbitrary JSP pages and execute OS commands. Exploitat...

CVE-2010-0447

The helpmanager servlet in the web server in HP OpenView Performance Insight OVPI 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document...

[security bulletin] HPSBMA02246 SSRT061260 rev.1 - HP OpenView Performance Insight (OVPI) Running Shared Trace Service, Remote Arbitrary Code Execution --------

Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01115068 Version: 1 HPSBMA02246 SSRT061260 rev.1 - HP OpenView Performance Insight OVPI Running Shared Trace Service, Remote Arbitrary Code Execution NOTICE: The information in this Security Bulletin should be acted upon as soon a...