You are here

V-203: HP LoadRunner Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code

July 26, 2013 - 3:31am

Addthis

PROBLEM:

A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

PLATFORM:

HP LoadRunner prior to 11.52

ABSTRACT:

Multiple vulnerabilities were reported in HP LoadRunner.

REFERENCE LINKS:

Security Tracker Alert ID: 1028833  
CVE-2013-2368
CVE-2013-2369
CVE-2013-2370
CVE-2013-4797
CVE-2013-4798

CVE-2013-4799
CVE-2013-4800
CVE-2013-4801

IMPACT ASSESSMENT:

Medium

DISCUSSION:

Potential security vulnerabilities have been identified with HP LoadRunner. The vulnerabilities could be remotely exploited to allow execution of code or result in a Denial of Service (DoS). A remote user can send specially crafted data to cause the target service to crash and execute arbitrary code on the target system .

IMPACT:

A remote user can execute arbitrary code on the target system.

SOLUTION:

The vendor has issued a fix(11.52)

 

Addthis