Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2016-4360
HistoryJun 08, 2016 - 2:59 p.m.

CVE-2016-4360

2016-06-0814:59:42
mitre
web.nvd.nist.gov
37
hpe
loadrunner
vts
remote attackers
unlink call
data/import_csv
cve-2016-4360

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.034

Percentile

91.6%

JSON

web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555.

Affected configurations

Nvd
Node
hploadrunnerMatch11.52p3
OR
hploadrunnerMatch12.00p1
OR
hploadrunnerMatch12.01p3
OR
hploadrunnerMatch12.02p2
OR
hploadrunnerMatch12.50p3
Node
hpperformance_centerMatch11.52p3
OR
hpperformance_centerMatch12.00p1
OR
hpperformance_centerMatch12.01p3
OR
hpperformance_centerMatch12.20p2
OR
hpperformance_centerMatch12.50p1
VendorProductVersionCPE
hploadrunner11.52cpe:2.3:a:hp:loadrunner:11.52:p3:*:*:*:*:*:*
hploadrunner12.00cpe:2.3:a:hp:loadrunner:12.00:p1:*:*:*:*:*:*
hploadrunner12.01cpe:2.3:a:hp:loadrunner:12.01:p3:*:*:*:*:*:*
hploadrunner12.02cpe:2.3:a:hp:loadrunner:12.02:p2:*:*:*:*:*:*
hploadrunner12.50cpe:2.3:a:hp:loadrunner:12.50:p3:*:*:*:*:*:*
hpperformance_center11.52cpe:2.3:a:hp:performance_center:11.52:p3:*:*:*:*:*:*
hpperformance_center12.00cpe:2.3:a:hp:performance_center:12.00:p1:*:*:*:*:*:*
hpperformance_center12.01cpe:2.3:a:hp:performance_center:12.01:p3:*:*:*:*:*:*
hpperformance_center12.20cpe:2.3:a:hp:performance_center:12.20:p2:*:*:*:*:*:*
hpperformance_center12.50cpe:2.3:a:hp:performance_center:12.50:p1:*:*:*:*:*:*

Related

nessus 3
nvd 1
prion 1
zdi 1
cvelist 1
openvas 1
nessus
nessus
HPE LoadRunner Virtual Table Server import_csv Remote File Deletion DoS
2016-07-07 00:00:00
HP LoadRunner 11.52 / 12.00 / 12.01 / 12.02 / 12.50 Multiple Vulnerabilities
2016-06-10 00:00:00
HP Performance Center 11.52.x / 12.x < 12.53 Multiple Vulnerabilities
2016-09-30 00:00:00
nvd
nvd
CVE-2016-4360
2016-06-08 14:59:42
prion
prion
Code injection
2016-06-08 14:59:00
zdi
zdi
Hewlett Packard Enterprise LoadRunner Virtual Table Server import_csv Denial of Service Vulnerability
2016-06-03 00:00:00
cvelist
cvelist
CVE-2016-4360
2016-06-08 14:00:00
openvas
openvas
HPE LoadRunner Multiple Remote Code Execution and DoS Vulnerabilities
2017-04-20 00:00:00

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.034

Percentile

91.6%

JSON
Related for CVE-2016-4360
nessus3nvd1prion1zdi1cvelist1openvas1