PT-2011-2250 · Hewlett Packard · HP OpenView Performance Insight Server

Stephen Fewer · Published 2011-01-31 · Updated 2018-10-10 · CVE-2011-0276

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

HP OpenView Performance Insight Server versions 5.2 through 5.41

Description

The issue concerns a hidden account in the com.trinagy.security.XMLUserManager Java class, allowing remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.

Recommendations

For HP OpenView Performance Insight Server versions 5.2 through 5.41, consider disabling the com.trinagy.servlet.HelpManagerServlet class until a patch is available to prevent exploitation of the hidden account. Restrict access to the com.trinagy.security.XMLUserManager Java class to minimize the risk of arbitrary code execution.

Exploit

Fix


Related identifiers

CVE-2011-0276
ZDI-11-034

Affected products

HP OpenView Performance Insight Server