Published: 18/06/2014 Updated: 18/07/2014

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x prior to 3.50.1, when the AutoPass license server is enabled, allows remote malicious users to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp service virtualization 3.0

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info = {}) super(upda ...

CWE-22 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04333125 http://zerodayinitiative.com/advisories/ZDI-14-195/https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_autopass_license_traversal.rb http://www.osvdb.org/107943 http://www.exploit-db.com/exploits/33891 http://www.securitytracker.com/id/1030385 http://packetstormsecurity.com/files/127247/HP-AutoPass-License-Server-File-Upload.html https://nvd.nist.gov https://www.exploit-db.com/exploits/33891/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-6221

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect