CVE-2010-0447

The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=126815897824020&w=2
http://www.vupen.com/english/advisories/2010/0555	Vendor Advisory
http://www.securityfocus.com/bid/38611
http://secunia.com/advisories/38899	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-026
http://osvdb.org/62797
https://exchange.xforce.ibmcloud.com/vulnerabilities/56757
http://www.securityfocus.com/archive/1/509984/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:hp:openview_performance_insight:*:*:*:*:*:*:*:*

Information

Published : 2010-03-10 14:30

Updated : 2018-10-10 12:52

NVD link : CVE-2010-0447

Mitre link : CVE-2010-0447

JSON object : View

CWE

CWE-287

Improper Authentication

Advertisement

Products Affected

hp

openview_performance_insight

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://marc.info/?l=bugtraq&m=126815897824020&w=2", "name": "HPSBMA02489", "tags": [], "refsource": "HP"}, {"url": "http://www.vupen.com/english/advisories/2010/0555", "name": "ADV-2010-0555", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/bid/38611", "name": "38611", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/38899", "name": "38899", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-026", "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-026", "tags": [], "refsource": "MISC"}, {"url": "http://osvdb.org/62797", "name": "62797", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56757", "name": "hp-performance-unspec-command-exec(56757)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/509984/100/0/threaded", "name": "20100309 ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-0447", "ASSIGNER": "hp-security-alert@hp.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-03-10T22:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hp:openview_performance_insight:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.4"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-10T19:52Z"}