Lucene search

[email protected]CVE-2013-6221

HistoryJun 18, 2014 - 4:55 p.m.

CVE-2013-6221

2014-06-1816:55:06

CWE-22

[email protected]

web.nvd.nist.gov

cve-2013-6221

directory traversal

hp service virtualization

autopass license server

remote code execution

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.971 High

EPSS

Percentile

99.8%

JSON

Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.

Affected configurations

NVD

Node

hpservice_virtualizationMatch3.0

CPENameOperatorVersion
hp:service_virtualizationhp service virtualizationeq3.0

CPE	Name	Operator	Version
hp:service_virtualization	hp service virtualization	eq	3.0

References

packetstormsecurity.com/files/127247/HP-AutoPass-License-Server-File-Upload.html

www.exploit-db.com/exploits/33891

www.osvdb.org/107943

www.securitytracker.com/id/1030385

zerodayinitiative.com/advisories/ZDI-14-195/

github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_autopass_license_traversal.rb

h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04333125

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.971 High

EPSS

Percentile

99.8%

JSON

Related for CVE-2013-6221

packetstorm1 nessus1 securityvulns2 zdi1 checkpoint_advisories1 nvd1 zdt1 prion1 cvelist1