HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability
Gravité: : Critique
Date du conseil: 21 juillet 2015
Description
HP SiteScope is prone to multiple security-bypass vulnerabilities. Successful exploits may allow attackers to bypass the bypass security restrictions and to perform unauthorized actions such as execution of arbitrary code in the context of the application.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1005257
Trend Micro Deep Security DPI Rule Name: 1005257 - HP SiteScope APISiteScopeImpl Web Service 'getFileInternal' Or 'getSiteScopeConfiguration' Request Detected
Affected software and version:
- HP SiteScope