The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of MicroFocus Performance Center

computer vulnerability alert CVE-2012-3269 CVE-2012-3270

HP Performance Insight: vulnerabilities of Sybase

Synthesis of the vulnerability

When HP Performance Insight uses a Sybase database, an attacker can create a denial of service, delete data, and possibly read/alter data.
Impacted products: Performance Center.
Severity: 3/4.
Consequences: data reading, data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 02/11/2012.
Identifiers: BID-56373, c03555488, CERTA-2012-AVI-620, CVE-2012-3269, CVE-2012-3270, HPSBMU02827, SSRT100924, VIGILANCE-VUL-12106.

Description of the vulnerability

Two vulnerabilities were announced when HP Performance Insight uses a Sybase database.

An attacker can use a vulnerability, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2012-3270]

An attacker can use a vulnerability, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2012-3269]

When HP Performance Insight uses a Sybase database, an attacker can therefore create a denial of service, delete data, and possibly read/alter data.

Note: the HP announcement indicates inconsistent consequences.

computer vulnerability note CVE-2012-2019 CVE-2012-2020

HP Operations Agent, Performance Agent: code execution

Synthesis of the vulnerability

A remote attacker can use two vulnerabilities of HP Operations Agent and HP Performance Agent, in order to execute code.
Impacted products: OpenView, OpenView Operations, HP Operations, Performance Center.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 10/07/2012.
Revision dates: 13/07/2012, 23/07/2012.
Identifiers: BID-54362, c03397769, CERTA-2012-AVI-374, CVE-2012-2019, CVE-2012-2020, HPSBMU02796, SSRT100594, SSRT100595, VIGILANCE-VUL-11749, ZDI-12-114, ZDI-12-115, ZDI-CAN-1325, ZDI-CAN-1326.

Description of the vulnerability

Two vulnerabilities were announced in HP Operations Agent and HP Performance Agent.

An unauthenticated attacker can use a GET query with a parameter with a large integer value for Opcode 0x34, in order to generate a buffer overflow in coda.exe. [severity:3/4; CVE-2012-2019, SSRT100594, ZDI-12-114, ZDI-CAN-1325]

An unauthenticated attacker can use a GET query with a parameter with a large integer value for Opcode 0x8C, in order to generate a buffer overflow in coda.exe. [severity:3/4; CVE-2012-2020, SSRT100595, ZDI-12-115, ZDI-CAN-1326]

A remote attacker can therefore use two vulnerabilities of HP Operations/Performance Agent, in order to execute code.

computer vulnerability bulletin CVE-2012-0127

HP Performance Manager: code execution

Synthesis of the vulnerability

A remote attacker can use the PMParamHandler parameter of HP Performance Manager, in order to create a file with system privileges, which leads to code execution.
Impacted products: Performance Center, HP-UX.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 28/03/2012.
Revision date: 22/06/2012.
Identifiers: BID-52749, c03255321, CERTA-2012-AVI-178, CVE-2012-0127, HPSBMU02756, SSRT100596, VIGILANCE-VUL-11498, ZDI-12-100, ZDI-CAN-1340.

Description of the vulnerability

The HP Performance Manager product uses a Tomcat server listening on port 8081/tcp.

However, the web service does not check if the PMParamHandler parameter indicates a file located outside the root of the web site. It also does not check if it contains a '\0' character, which can be used to prematurely stop the processing of the filename, and thus to change its extension.

A remote attacker can therefore use the PMParamHandler parameter of HP Performance Manager, in order to create a file with system privileges, which leads to code execution.

vulnerability bulletin CVE-2011-4160

HP Operations Agent, Performance Agent: access to a directory

Synthesis of the vulnerability

A local attacker can use a vulnerability of HP Operations Agent and Performance Agent on Unix, in order to access a directory.
Impacted products: OpenView, OpenView Operations, HP Operations, Performance Center.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 22/11/2011.
Identifiers: BID-50761, c03091656, CVE-2011-4160, HPSBMU02726, SSRT100685, VIGILANCE-VUL-11173.

Description of the vulnerability

The HP Operations Agent and Performance Agent products can be installed on Unix.

A local attacker can use a vulnerability of HP Operations Agent and Performance Agent on Unix, in order to access a directory.

computer vulnerability CVE-2011-1976

Microsoft Visual Studio 2005: Cross Site Scripting of Report Viewer

Synthesis of the vulnerability

When a web site uses the Report Viewer control, an attacker can create a Cross Site Scripting, in order to execute JavaScript code in the web browser of site visitors.
Impacted products: Performance Center, Visual Studio.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 10/08/2011.
Identifiers: 2578230, BID-49033, c04945270, CERTA-2011-AVI-443, CVE-2011-1976, MS11-067, VIGILANCE-VUL-10905.

Description of the vulnerability

Microsoft Visual Studio 2005 provides the Report Viewer control, which generates reports:
 - on an ASP.NET web site (ReportViewer Web), or
 - in a Windows application (ReportViewer Windows Forms).

This control uses a data source to generate the document. However, the ASP.NET control does not filter data before displaying it in the generated HTML page.

When a web site uses the Report Viewer control, an attacker can therefore create a Cross Site Scripting, in order to execute JavaScript code in the web browser of site visitors.

vulnerability announce CVE-2011-2608

HP Performance Agent, Operations Agent: file deletion via ovbbccb.exe

Synthesis of the vulnerability

A remote attacker can request the ovbbccb.exe service to delete a file with system privileges.
Impacted products: HP Operations, Performance Center.
Severity: 2/4.
Consequences: data deletion.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 29/06/2011.
Identifiers: BID-48481, c02941034, CVE-2011-2608, HPSBMU02691, SSRT100483, VIGILANCE-VUL-10792.

Description of the vulnerability

The HP OpenView Communications Broker (ovbbccb.exe) service listens on port 383/tcp. It is installed with HP Performance Agent and Operations Agent.

A user can send a "Register" query to ask this service to register information about another service. This query indicates the name of the file containing information. When the registration is done, ovbbccb.exe deletes this file.

However, the attacker can indicate any filename (C:\important.ini or \\server\share\important.txt).

A remote attacker can therefore request the ovbbccb.exe service to delete a file with system privileges.

computer vulnerability alert CVE-2011-0272

HP LoadRunner, Performance Center: code execution

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the magentproc.exe process, in order to execute code with SYSTEM privileges.
Impacted products: LoadRunner, Performance Center.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 25/01/2011.
Identifiers: BID-45792, c02680678, CERTA-2011-AVI-019, CVE-2011-0272, HPSBMA02624, SSRT100195, VIGILANCE-VUL-10296, ZDI-11-015.

Description of the vulnerability

The HP LoadRunner and HP Performance Center products install the magentproc.exe process. It listens on ports 5001/tcp and 5002/tcp, when HttpTunnel is enabled.

However, the process does not check the allocation size requested by the client. A malicious client can thus request a short memory area, in order to create an overflow.

An attacker can therefore generate a buffer overflow in the magentproc.exe process, in order to execute code with SYSTEM privileges.

vulnerability CVE-2010-3864

OpenSSL: code execution via TLS Extensions

Synthesis of the vulnerability

An attacker can use a TLS extension, in order to corrupt the memory of multi-threaded applications using OpenSSL and its internal caching feature.
Impacted products: ProxySG by Blue Coat, SGOS by Blue Coat, Debian, Fedora, FreeBSD, HP Operations, Performance Center, HP-UX, AIX, Tivoli Workload Scheduler, MES, Mandriva Linux, NetBSD, OpenBSD, OpenSolaris, OpenSSL, openSUSE, RHEL, Slackware, StoneGate Firewall, SLES, ESX, ESXi, vCenter Server, VirtualCenter, VMware vSphere, VMware vSphere Hypervisor.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 17/11/2010.
Identifiers: 1643316, 649304, BID-44884, c02737002, c03179825, CERTA-2002-AVI-272, CERTA-2010-AVI-555, CERTA-2011-AVI-242, CERTA-2011-AVI-294, CERTA-2012-AVI-056, CVE-2010-3864, DSA-2125-1, FEDORA-2010-17826, FEDORA-2010-17827, FEDORA-2010-17847, FreeBSD-SA-10:10.openssl, HPSBGN02740, HPSBUX02638, MDVSA-2010:238, NetBSD-SA2010-012, openSUSE-SU-2010:0965-1, openSUSE-SU-2010:0965-2, RHSA-2010:0888-01, SA68, SSA:2010-326-01, SSRT100339, SSRT100741, SUSE-SR:2010:022, VIGILANCE-VUL-10130, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2.

Description of the vulnerability

Since its version 0.9.8f, OpenSSL supports the TLS SNI (Server Name Indication) extension. It is enabled if OpenSSL is compiled with the "enable-tlsext" option (enabled by default since version 0.9.8k).

The SSL session caching feature saves sessions, to be reused later. An application can enable it with the SSL_CTX_set_session_cache_mode() function. For example, Apache httpd does not enable it.

When a multi-threaded application uses OpenSSL, the ssl/t1_lib.c file does not lock the caching of TLS SNI. An attacker can therefore open two simultaneous sessions, so that caching is attempted twice, which corrupts the memory.

An attacker can therefore use a TLS extension, in order to corrupt the memory of multi-threaded applications using OpenSSL and its internal caching feature.

vulnerability announce CVE-2008-5515 CVE-2009-0033 CVE-2009-0580

Apache Tomcat: several vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache Tomcat in order to generate a denial of service or to obtain information.
Impacted products: Tomcat, BES, Debian, Fedora, Performance Center, HP-UX, JBoss AS OpenSource, NSM Central Manager, NSMXpress, MES, Mandriva Linux, OpenSolaris, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, SLES, ESX, ESXi, VMware Server, vCenter Server, VirtualCenter.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 04/06/2009.
Revision dates: 09/06/2009, 10/06/2010.
Identifiers: 263529, 6848375, 6849727, BID-35193, BID-35196, BID-35263, BID-35416, c01908935, c02181353, c02515878, CERTA-2009-AVI-211, CERTA-2010-AVI-220, CERTA-2011-AVI-169, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0783, DSA-2207-1, FEDORA-2009-11352, FEDORA-2009-11356, FEDORA-2009-11374, HPSBMA02535, HPSBUX02466, HPSBUX02579, KB25966, MDVSA-2009:136, MDVSA-2009:138, MDVSA-2009:163, MDVSA-2010:176, PSN-2012-05-584, RHSA-2009:1143-01, RHSA-2009:1144-01, RHSA-2009:1145-01, RHSA-2009:1146-01, RHSA-2009:1164-01, RHSA-2009:1454-01, RHSA-2009:1506-01, RHSA-2009:1562-01, RHSA-2009:1563-01, RHSA-2009:1616-01, RHSA-2009:1617-01, RHSA-2010:0602-02, SSRT090192, SSRT100029, SSRT100203, SUSE-SR:2009:012, SUSE-SR:2010:008, VIGILANCE-VUL-8762, VMSA-2009-0016, VMSA-2009-0016.1, VMSA-2009-0016.2, VMSA-2009-0016.3, VMSA-2009-0016.4, VMSA-2009-0016.5.

Description of the vulnerability

Several vulnerabilities were announced in Apache Tomcat.

An attacker can use invalid headers in order to close the AJP connection. [severity:2/4; BID-35193, CVE-2009-0033]

When form authentication (j_security_check) is in mode MemoryRealm, DataSourceRealm or JDBCRealm, an attacker can use an invalid url encoding for the password. He can then detect if a username is valid. [severity:2/4; BID-35196, CVE-2009-0580]

A web application can change the XML parser, and thus access the web.xml/context.xml file of another application. [severity:1/4; BID-35416, CVE-2009-0783]

The URL path is unnecessarily canonicalized in ApplicationHttpRequest.java. The URL "http://s/dir1/dir2?/../" is for example converted to "http://s/dir1/". [severity:2/4; BID-35263, CERTA-2009-AVI-211, CERTA-2010-AVI-220, CVE-2008-5515]

vulnerability note CVE-2010-1549

HP Performance Center Agent: code execution

Synthesis of the vulnerability

An unauthenticated attacker can connect to HP Performance Center Agent running on Windows, in order to execute code.
Impacted products: Performance Center.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 11/05/2010.
Identifiers: c02153865, CVE-2010-1549, VIGILANCE-VUL-9634, ZDI-CAN-177.

Description of the vulnerability

The HP Performance Center Agent product can be installed on Windows.

An unauthenticated attacker can connect to HP Performance Center Agent running on Windows, in order to execute code.

The vulnerability may be related to a possible code transmission to the Load Generator.