Short Name |
APP:HP-SITESCOPE-CMD-INJ |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
HP SiteScope runOMAgentCommand Command Injection |
Release Date |
2013/10/24 |
Update Number |
2313 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a command injection vulnerability in the HP SiteScope. It is due to insufficient validation of user-supplied input. A successful attack can lead to arbitrary code execution within the context of the affected application.
Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678.