CVE-2010-0447

Related Files

Zero Day Initiative Advisory 10-026

Posted Mar 9, 2010

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-026 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Hewlett-Packard Performance Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the helpmanager servlet running on the Performance Insight web server. Insufficient input validation and authentication allows for arbitrary JSP pages to be uploaded which can be leveraged to execute arbitrary OS commands. Exploitation of this vulnerability allows an attacker to gain control of the affected system under SYSTEM credentials.

tags | advisory, remote, web, arbitrary

advisories | CVE-2010-0447

SHA-256 | cdc2165cbfbcfb0227cf704cdc43b1b691c05a0e17030005b9e81dcc9d32683e

Download | Favorite | View

HP Security Bulletin HPSBMA02489 SSRT090065

Posted Mar 9, 2010

Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential vulnerability has been identified with HP Performance Insight. The vulnerability could be exploited remotely to execute arbitrary commands.

tags | advisory, arbitrary

advisories | CVE-2010-0447

SHA-256 | b0ea5f4bb7a1369ae935731ba537cffabd9aa60351797d73cf034f9815c87364

Download | Favorite | View