CVE-2013-6221

critical

Description

Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.

References

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04333125

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_autopass_license_traversal.rb

http://zerodayinitiative.com/advisories/ZDI-14-195/

http://www.securitytracker.com/id/1030385

http://www.osvdb.org/107943

http://www.exploit-db.com/exploits/33891

http://packetstormsecurity.com/files/127247/HP-AutoPass-License-Server-File-Upload.html

Details

Source: Mitre, NVD

Published: 2014-06-18

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical