CVE-2013-6221 : Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoP

Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.

Published 2014-06-18 16:55:07

Updated 2014-07-18 05:18:34

Source HP Inc.

View at NVD, CVE.org

Vulnerability category: Directory traversalExecute code

Exploit prediction scoring system (EPSS) score for CVE-2013-6221

Probability of exploitation activity in the next 30 days: 97.17%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2013-6221

HP AutoPass License Server File Upload

Disclosure Date: 2014-01-10

First seen: 2020-04-26

exploit/windows/http/hp_autopass_license_traversal

This module exploits a code execution flaw in HP AutoPass License Server. It abuses two weaknesses in order to get its objective. First, the AutoPass application doesn't enforce authentication in the CommunicationServlet component. Second, it's possible to abuse a di

More information

CVSS scores for CVE-2013-6221

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-6221

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-6221

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04333125

HP Support for Technical Help and Troubleshooting | HP® Customer Service.
Vendor Advisory
http://www.securitytracker.com/id/1030385

HP Service Virtualization Bug Lets Remote Users Execute Arbitrary Code - SecurityTracker
http://zerodayinitiative.com/advisories/ZDI-14-195/

ZDI-14-195 | Zero Day Initiative
http://packetstormsecurity.com/files/127247/HP-AutoPass-License-Server-File-Upload.html

HP AutoPass License Server File Upload ≈ Packet Storm
http://www.exploit-db.com/exploits/33891

HP AutoPass License Server - Arbitrary File Upload (Metasploit) - Java remote Exploit
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_autopass_license_traversal.rb

metasploit-framework/hp_autopass_license_traversal.rb at master · rapid7/metasploit-framework · GitHub

Products affected by CVE-2013-6221

HP » Service Virtualization » Version: 3.0
cpe:2.3:a:hp:service_virtualization:3.0:*:*:*:*:*:*:*
Matching versions