vulnerability alert CVE-2010-0447

HP Performance Insight: code execution

Synthesis of the vulnerability

A remote attacker can execute code in HP OpenView Performance Insight.

Severity: 3/4. Creation date: 09/03/2010. Revision date: 10/03/2010.

Description of the vulnerability

The HP OpenView Performance Insight product monitors system performances. An attacker can send a query to the helpmanager servlet of the Performance Insight web site, in order to upload a JSP page on the site. A remote attacker can then execute code in HP OpenView Performance Insight, and obtain the SYSTEM privilege.

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: HP Performance Insight: code execution. Keywords: Insight JSP OpenView Performance SYSTEM code execution. Identifiers: BID-38611, c02033170, CVE-2010-0447, HPSBMA02489, SSRT090065, VIGILANCE-VUL-9506, ZDI-10-026.

Information sources

Publications and announces Source example: HPSBMA02489 SSRT090065 rev.1 - HP Performance Insight, Remote Execution of Arbitrary Commands

Solutions for this vulnerability

Patch or workaround

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerabilities tracking service