Signature Detail
Short Name |
HTTP:DIR:HP-LOADRUNNER-EMU |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
HP LoadRunner Virtual User Generator EmulationAdmin Directory Traversal |
Release Date |
2014/02/13 |
Update Number |
2345 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: HP LoadRunner Virtual User Generator EmulationAdmin Directory Traversal
This signature detects attempts to exploit a known vulnerability in the HP LoadRunner Virtual User Generator. The vulnerabilities exist in the EmulationAdmin web service. A remote unauthenticated attacker can exploit these vulnerabilities to create arbitrary files on the server or disclose sensitive information by reading arbitrary files on the server. Successful exploitation of one of these vulnerabilities could lead to arbitrary code execution on the target system.
Extended Description
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
Affected Products
- hp loadrunner 11.0.0.0
- hp loadrunner 11.50
- hp loadrunner 9.0.0
- hp loadrunner 9.50.0
- hp loadrunner 9.51
- hp loadrunner 9.52
- hp loadrunner up to 11.51
References
- BugTraq: 63476
- CVE: CVE-2013-4838
- CVE: CVE-2013-4837