ZDI-14-195 | Andrea Micalizzi aka rgod | Jun 11, 2014

Hewlett-Packard AutoPass License Server Remote Code Execution Vulnerability

www.zerodayinitiative.com

EPSS: 0.971 (High), percentile 99.8%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard AutoPass License Server. Authentication is not required to exploit this vulnerability. The flaw exists within the CommunicationServlet. The specific flaw is a directory traversal vulnerability, which allows an unauthenticated user to write a file anywhere on the server. An attacker can leverage this vulnerability to execute arbitrary code in the context of the SYSTEM user.