Signature Detail
Short Name |
HTTP:SQL:INJ:HP-LOADR-GETREPORT |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
HP LoadRunner Virtual User Generator EmulationAdmin getReport SQL Injection |
Release Date |
2015/06/09 |
Update Number |
2503 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: HP LoadRunner Virtual User Generator EmulationAdmin getReport SQL Injection
This signature detects attempts to exploit a known vulnerability in HP LoadRunner. Attackers can execute arbitrary SQL commands on a Web server.
Extended Description
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851.
Affected Products
- hp loadrunner 11.0.0.0
- hp loadrunner 11.50
- hp loadrunner 9.0.0
- hp loadrunner 9.50.0
- hp loadrunner 9.51
- hp loadrunner 9.52
- hp loadrunner up to 11.51
References
- BugTraq: 63477
- CVE: CVE-2013-4839