HP ArcSight Logger < 6.0P1 Multiple Vulnerabilities

high Nessus Plugin ID 81976

Synopsis

A log collection and management system on the remote host has multiple vulnerabilities.

Description

According to its self-reported version number, the version of HP ArcSight Logger installed on the remote host is prior to 6.0P1. It is, therefore, affected by the following vulnerabilities :

- An XXE injection vulnerability exists due to the improper verification of sources. An authenticated, remote attacker, using specially crafted XML data, can exploit this to execute scripts on the host with the application's level of privileges.

- A flaw exists due to the improper validation of user-uploaded file names when uploading files via the configuration import file upload capability. An authenticated, remote attacker can exploit this to execute arbitrary PHP scripts on the server.

- A flaw exists due to improper permissions on the Content Management import/export features. An authenticated, remote attacker can exploit this to modify the sources and parsers.

Solution

Upgrade to ArcSight Logger 6.0P1 or later.

See Also

http://www.nessus.org/u?29e5c1a6

Plugin Details

Severity: High

ID: 81976

File Name: arcsight_logger_6_0_1.nasl

Version: 1.11

Type: local

Agent: unix

Family: Misc.

Published: 3/20/2015

Updated: 10/25/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2014-7884

Vulnerability Information

CPE: cpe:/a:hp:arcsight_logger

Required KB Items: installed_sw/ArcSight Logger

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/11/2015

Vulnerability Publication Date: 3/11/2015

Reference Information

CVE: CVE-2014-7884

BID: 73071

CERT: 868948

HP: HPSBGN03249, SSRT101697, emr_na-c04562193