|
Description
|
|
A vulnerability has been reported in HP Network Virtualization for HP LoadRunner and Performance Center, which can be exploited by malicious people to disclose certain sensitive information.
Certain input passed to the HttpServlet and NetworkEditorController is not properly verified before being used to read files. This can be exploited to disclose the contents of arbitrary local files via directory traversal sequences.
The vulnerability is reported in version 8.61.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
HP Network Virtualization 8.x
|
|
|
|
|
|
Solution
|
|
Apply update.https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/NV_00003
|
|
|
|
|
|
CVE
|
|
CVE-2015-2121
|
|
|
|
|
|
References
|
|
HPSBGN03328 SSRT101932:
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04657310
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-15-192/
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
