HP SiteScope SOAP Remote Disclosure of Information, Remote Code Execution Vulnerabilities

Summary

HP SiteScope SOAP Security Issues, Remote Disclosure of Information, is prone to a Remote denial of service (DoS) and loss of data Vulnerability.

Credit:

The information has been provided by Andrea Micalizzi aka rgod.
The original article can be found at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03489683


Details

Vulnerable Systems:
 * HP SiteScope v11.10, v11.11, v11.12, v11.20 for Windows, Linux and Solaris

A vulnerability was reported in HP SiteScope. A remote user can execute arbitrary code on the target system. A remote user can obtain potentially sensitive information.The SiteScope SOAP feature is affected.Potential security vulnerabilities have been identified with HP SiteScope.The vulnerabilities in SiteScope SOAP features could be remotely exploited to allow disclosure of information or code execution.

Vendor Status:
HP has provided SiteScope update v11.13 to update for HP SiteScope v11.10 to enable a resolution of this issue. HP has provided patches to v11.20 to enable a resolution of this issue.

CVE Information:
CVE-2012-3259
CVE-2012-3260
CVE-2012-3261
CVE-2012-3262
CVE-2012-3263
CVE-2012-3264

Disclosure Timeline:
Release Date: 2012-10-31
Last Updated: 2012-10-31
Version:1 (rev.1) – 19 September 2012 Initial release
Version:2 (rev.2) – 19 September 2012 updated reference section
Version:3 (rev.3) – 20 September 2012 updated Supported Software Versions section
Version:4 (rev.4) – 31 October 2012 updated Supported Software Versions section

Categories: News