CVE-2010-0447 Information

Description

The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.

Reference

http://marc.info/?l=bugtraq&m=126815897824020&w=2 http://osvdb.org/62797 http://secunia.com/advisories/38899 http://www.securityfocus.com/archive/1/509984/100/0/threaded http://www.securityfocus.com/bid/38611 http://www.vupen.com/english/advisories/2010/0555 http://www.zerodayinitiative.com/advisories/ZDI-10-026 https://exchange.xforce.ibmcloud.com/vulnerabilities/56757