CVE-2010-0447

Sažetak

The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.

Reference

http://marc.info/?l=bugtraq&m=126815897824020&w=2
http://osvdb.org/62797
http://secunia.com/advisories/38899
http://www.securityfocus.com/archive/1/509984/100/0/threaded
http://www.securityfocus.com/bid/38611
http://www.vupen.com/english/advisories/2010/0555
http://www.zerodayinitiative.com/advisories/ZDI-10-026
https://exchange.xforce.ibmcloud.com/vulnerabilities/56757

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

10-10-2018 - 19:52

Objavljeno

10-03-2010 - 22:30