CVE-2011-3159

Related Files

Zero Day Initiative Advisory 11-323

Posted Nov 8, 2011

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-323 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientHealth which does not properly validate or sanitize the clientHealth field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

tags | advisory, remote, web, arbitrary, tcp

advisories | CVE-2011-3159

SHA-256 | 76bbeb241f7d9a97571c3c8254a8ec18e70281fa8a97e1f0917cd03c13a434b0

Download | Favorite | View

HP Security Bulletin HPSBMU02716 SSRT100651

Posted Oct 20, 2011

Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02716 SSRT100651 - Potential security vulnerabilities has been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability

advisories | CVE-2011-3156, CVE-2011-3157, CVE-2011-3158, CVE-2011-3159, CVE-2011-3160, CVE-2011-3161, CVE-2011-3162

SHA-256 | b7853ac47e9218a7955989ca50fa8ca63e277aa9d5506ea37926e5b1dba524da

Download | Favorite | View