Vulnerability Description
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Business Service Management | 9.12 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=134013352316810&w=2
- http://osvdb.org/81981
- http://secunia.com/advisories/49218
- http://www.kb.cert.org/vuls/id/859230US Government Resource
- http://www.securityfocus.com/bid/53556
- http://www.securitytracker.com/id?1027075
- http://marc.info/?l=bugtraq&m=134013352316810&w=2
- http://osvdb.org/81981
- http://secunia.com/advisories/49218
- http://www.kb.cert.org/vuls/id/859230US Government Resource
- http://www.securityfocus.com/bid/53556
- http://www.securitytracker.com/id?1027075
FAQ
What is CVE-2012-2561?
CVE-2012-2561 is a vulnerability with a CVSS score of 10.0 (HIGH). HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server compon...
How severe is CVE-2012-2561?
CVE-2012-2561 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2561?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Business Service Management.