HP OpenView Performance Insight Server 'doPost()' Remote Arbitrary Code Execution Vulnerability Network Vulnerability

Summary

HP OpenView Performance Insight Server is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers.

Solution

Updates are available. Please see the references for details.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02695453
http://www.hp.com/
http://www.zerodayinitiative.com/advisories/ZDI-11-034/
https://www.securityfocus.com/bid/46079

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0276
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

AWStats configdir parameter arbitrary cmd exec
Apache Tomcat /servlet Cross Site Scripting
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
4psa Voipnow Local File Inclusion Vulnerability

Take action and discover your vulnerabilities