CVE-2010-0447

The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=126815897824020&w=2
http://osvdb.org/62797
http://secunia.com/advisories/38899	Vendor Advisory
http://www.securityfocus.com/archive/1/509984/100/0/threaded
http://www.securityfocus.com/bid/38611
http://www.vupen.com/english/advisories/2010/0555	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-026
https://exchange.xforce.ibmcloud.com/vulnerabilities/56757

Configurations

Configuration 1 (hide)

cpe:2.3:a:hp:openview_performance_insight:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-03-10 22:30

Updated : 2024-02-04 17:54

NVD link : CVE-2010-0447

Mitre link : CVE-2010-0447

CVE.ORG link : CVE-2010-0447

JSON object : View

Products Affected

hp

openview_performance_insight

CWE

CWE-287

Improper Authentication

{"id": "CVE-2010-0447", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-03-10T22:30:01.277", "references": [{"url": "http://marc.info/?l=bugtraq&m=126815897824020&w=2", "source": "hp-security-alert@hp.com"}, {"url": "http://osvdb.org/62797", "source": "hp-security-alert@hp.com"}, {"url": "http://secunia.com/advisories/38899", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "http://www.securityfocus.com/archive/1/509984/100/0/threaded", "source": "hp-security-alert@hp.com"}, {"url": "http://www.securityfocus.com/bid/38611", "source": "hp-security-alert@hp.com"}, {"url": "http://www.vupen.com/english/advisories/2010/0555", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-026", "source": "hp-security-alert@hp.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56757", "source": "hp-security-alert@hp.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document."}, {"lang": "es", "value": "El helpmanager servlet en el servidor web en HP OpenView Performance Insight (OVPI) v5.4 y anteriores no autentifica, ni valida correctamente las peticiones, lo que permite a atacantes ejecutar comandos arbitrarios a trav\u00e9s de vectores involucrados en la carga de documentos JSP. \r\n"}], "lastModified": "2018-10-10T19:52:52.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:openview_performance_insight:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F69D12F-E59E-4632-A0EB-062907AD0802", "versionEndIncluding": "5.4"}], "operator": "OR"}]}], "sourceIdentifier": "hp-security-alert@hp.com"}