Lucene search
RootSSV:61553HistoryFeb 25, 2014 - 12:00 a.m.
HP Service Manager多个安全漏洞
2014-02-2500:00:00
Root
www.seebug.org
78
0.969 High
EPSS
Percentile
99.6%
CVE ID:CVE-2013-1493、CVE-2013-2067、CVE-2013-6202
HP Service Manager是一款软件即服务可以帮助您迅速部署一个全面的IT 服务管理解决方案。
HP Service Manager存在多个安全漏洞:
1,不正确过滤返回给用户的输入,允许远程攻击者利用漏洞构建恶意URI,诱使用户解析,当恶意数据被查看时,可获取敏感信息或劫持用户会话。
2,应用程序存在跨站请求伪造漏洞,允许远程攻击者构建恶意URI,诱使用户解析,可以目标用户上下文执行恶意操作。
3,存在未明错误,允许攻击者利用漏洞执行任意代码,目前没有详细漏洞细节提供。
4,存在未明错误,允许攻击者利用漏洞访问部分受限应用。
5,存在未明错误,允许攻击者利用漏洞获取部分数据。
0
HP Service Manager 9.30
HP Service Manager 9.31
HP Service Manager 9.32
HP Service Manager 9.33
厂商补丁:
HP
用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04117626
Related
securityvulns
securityvulns
HP Service Manager multiple security vulnerabilities
2014-03-03 00:00:00
[SECURITY] CVE-2013-2067 Session fixation with FORM authenticator
2013-05-10 00:00:00
prion
prion
Cross site request forgery (csrf)
2014-02-24 04:48:00
Session fixation
2013-06-01 14:21:00
Memory corruption
2013-03-05 22:06:00
cve
cve
nessus
nessus
Apache Tomcat 7.0.x < 7.0.33 Session Fixation
2013-05-15 00:00:00
RHEL 6 : tomcat6 (RHSA-2013:0964)
2013-06-21 00:00:00
Oracle Linux 6 : tomcat6 (ELSA-2013-0964)
2013-07-12 00:00:00
seebug
seebug
Apache Tomcat表单验证功能安全绕过漏洞
2013-06-06 00:00:00
Java CMM Remote Code Execution
2014-07-01 00:00:00
github
github
Improper Authentication in Apache Tomcat
2022-05-14 01:10:35
openvas
openvas
Apache Tomcat Session Fixation Vulnerability (Nov 2012) - Windows
2013-06-06 00:00:00
RedHat Update for tomcat6 RHSA-2013:0964-01
2013-06-24 00:00:00
CentOS Update for tomcat6 CESA-2013:0964 centos6
2013-06-24 00:00:00
veracode
veracode
Session Fixation During Completion Of The Login Form
2019-01-15 08:55:05
Arbitrary Code Execution
2019-05-02 04:53:58
tomcat
tomcat
Fixed in Apache Tomcat 7.0.33
2012-11-21 00:00:00
Fixed in Apache Tomcat 6.0.37
2013-05-03 00:00:00
redhat
redhat
(RHSA-2013:0964) Moderate: tomcat6 security update
2013-06-20 00:00:00
(RHSA-2013:0605) Critical: java-1.6.0-openjdk security update
2013-03-06 00:00:00
(RHSA-2013:0602) Critical: java-1.7.0-openjdk security update
2013-03-06 00:00:00
oraclelinux
oraclelinux
tomcat6 security update
2013-06-20 00:00:00
java-1.7.0-openjdk security update
2013-03-06 00:00:00
java-1.7.0-openjdk security update
2013-03-06 00:00:00
osv
osv
Improper Authentication in Apache Tomcat
2022-05-14 01:10:35
tomcat7 - security update
2014-04-08 00:00:00
debiancve
debiancve
CVE-2013-2067
2013-06-01 14:21:00
ubuntucve
ubuntucve
centos
centos
tomcat6 security update
2013-06-20 17:46:38
java security update
2013-03-06 21:16:37
java security update
2013-03-06 21:15:03
checkpoint_advisories
checkpoint_advisories
saint
saint
Java Runtime Environment Color Management memory overwrite
2013-04-04 00:00:00
Java Runtime Environment Color Management memory overwrite
2013-04-04 00:00:00
Java Runtime Environment Color Management memory overwrite
2013-04-04 00:00:00
zdi
zdi
Oracle Java Image ColorConvert Remote Code Execution Vulnerability
2013-06-27 00:00:00
Oracle Java cmmColorConvert Remote Code Execution Vulnerability
2013-06-27 00:00:00
threatpost
threatpost
The Java Zero-Day Procession Continues
2013-03-01 16:34:30
65 Sites Compromised in ZeroAccess Trojan Attacks
2013-06-19 16:05:05
Attackers Beat Java Default Security Settings with Social Engineering
2013-03-05 17:27:40
zdt
zdt
Java CMM Remote Code Execution Vulnerability
2013-03-28 00:00:00
packetstorm
packetstorm
Java CMM Remote Code Execution
2013-03-28 00:00:00
metasploit
metasploit
Java CMM Remote Code Execution
2013-03-26 21:30:18
exploitdb
exploitdb
Java CMM - Remote Code Execution (Metasploit)
2013-03-29 00:00:00
suse
suse
Security update for Java (critical)
2013-03-12 18:04:47
java-1_6_0-openjdk: update to 1.12.4 (important)
2013-03-12 21:04:28
java-1_6_0-openjdk: update to 1.12.4 (important)
2013-03-12 11:04:28
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2013-03-05 00:00:00
OpenJDK 7 vulnerabilities
2013-03-07 00:00:00
Tomcat vulnerabilities
2013-05-28 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2013-03-14 22:03:00
Important: java-1.7.0-openjdk
2013-03-14 22:03:00
fedora
fedora
[SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.fc18
2013-03-14 02:56:25
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.fc17
2013-03-06 22:58:17
symantec
symantec
Oracle Java SE CVE-2013-1493 Remote Code Execution Vulnerability
2013-02-28 00:00:00
cert
cert
Oracle Java contains multiple vulnerabilities
2013-03-05 00:00:00
atlassian
atlassian
Upgrade bundled Tomcat due to security vulnerabilities
2013-05-21 04:29:40
Upgrade bundled Tomcat due to security vulnerabilities
2013-05-21 04:29:40
mageia
mageia
Updated tomcat6 packages fix multiple vulnerabilities and logging
2014-02-17 22:13:24
ibm
ibm
debian
debian
[SECURITY] [DSA 2897-1] tomcat7 security update
2014-04-08 18:25:14