Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdi[email protected]ZDI-15-192
HistoryMay 12, 2015 - 12:00 a.m.

Hewlett-Packard Network Virtualization Information Disclosure Vulnerability

2015-05-1200:00:00
[email protected]
www.zerodayinitiative.com
16

EPSS

0.13

Percentile

95.6%

JSON

This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of Hewlett-Packard Network Virtualization. Authentication is not required to exploit this vulnerability. The specific flaw exists because neither the HttpServlet nor the NetworkEditorController sanitize the URL, and hence the file name, requested. An attacker can use this to read any file on the system under the context of SYSTEM.

Related

securityvulns 2
cve 1
prion 1
nvd 1
nessus 1
cvelist 1
securityvulns
securityvulns
Network Virtualization for HP LoadRunner and Performance Center information disclosure
2015-05-11 00:00:00
[security bulletin] HPSBGN03328 rev.1 - Network Virtualization for HP LoadRunner and Performance Center, Remote Information Disclosure
2015-05-11 00:00:00
cve
cve
CVE-2015-2121
2015-05-25 17:59:02
prion
prion
Code injection
2015-05-25 17:59:00
nvd
nvd
CVE-2015-2121
2015-05-25 17:59:02
nessus
nessus
Network Virtualization for HP LoadRunner Information Disclosure
2015-05-15 00:00:00
cvelist
cvelist
CVE-2015-2121
2015-05-25 17:00:00

EPSS

0.13

Percentile

95.6%

JSON
Related for ZDI-15-192
securityvulns2cve1prion1nvd1nessus1cvelist1