Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiMike Arnold (Bruk0ut)ZDI-14-043
HistoryApr 03, 2014 - 12:00 a.m.

Hewlett-Packard SiteScope SOAP Arbitrary File Download and Denial of Service Vulnerability

2014-04-0300:00:00
Mike Arnold (Bruk0ut)
www.zerodayinitiative.com
10

EPSS

0.216

Percentile

96.5%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. The issue lies in failure to require authentication to several SOAP endpoints. By taking advantage of this behavior, an attacker can shutdown the service or disclose administrative credentials and possibly leverage this situation to achieve remote code execution.

Related

cvelist 1
prion 1
nvd 1
cve 1
seebug 1
securityvulns 2
nessus 1
cvelist
cvelist
CVE-2013-6207
2014-03-11 01:00:00
prion
prion
Design/Logic Flaw
2014-03-11 13:01:00
nvd
nvd
CVE-2013-6207
2014-03-11 13:01:04
cve
cve
CVE-2013-6207
2014-03-11 13:01:04
seebug
seebug
HP SiteScope 'loadFileContents' SOAP请求远程代码执行漏洞
2014-03-07 00:00:00
securityvulns
securityvulns
HP SiteScope security vulnerabilities
2014-03-27 00:00:00
[security bulletin] HPSBMU02933 rev.2 - HP SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS)
2014-03-27 00:00:00
nessus
nessus
HP SiteScope Multiple Unspecified Remote Code Execution Vulnerabilities
2013-08-02 00:00:00

EPSS

0.216

Percentile

96.5%

JSON
Related for ZDI-14-043
cvelist1prion1nvd1cve1seebug1securityvulns2nessus1