HTTP: HP LoadRunner Virtual User Generator EmulationAdmin Directory Traversal
This signature detects attempts to exploit a known vulnerability in the HP LoadRunner Virtual User Generator. The vulnerabilities exist in the EmulationAdmin web service. A remote unauthenticated attacker can exploit these vulnerabilities to create arbitrary files on the server or disclose sensitive information by reading arbitrary files on the server. Successful exploitation of one of these vulnerabilities could lead to arbitrary code execution on the target system.
Extended Description
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
Affected Products
Hp loadrunner
References
BugTraq: 63476
CVE: CVE-2013-4837
URL: http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03969437 http://www.zerodayinitiative.com/advisories/zdi-13-259/ https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03969437 http://www.zerodayinitiative.com/advisories/zdi-13-260/
Short Name
HTTP:DIR:HP-LOADRUNNER-EMU
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2013-4837 CVE-2013-4838 Directory EmulationAdmin Generator HP LoadRunner Traversal User Virtual bid:63476
Release Date
02/13/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Hp
CVSS Score
10.0