Vulnerabilities > CVE-2013-6213 - Remote Code Execution vulnerability in HP LoadRunner Virtual User Generator

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
hp
critical
nessus
NVD
Published: 2014-04-19
Updated: 2019-10-09

Summary

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

Vulnerable Configurations

Part Description Count
Application
Hp
10

Nessus

NASL familyWindows
NASL idHP_LOADRUNNER_11_52_1.NASL
descriptionThe version of HP LoadRunner installed on the remote host is prior to 11.52 Patch 1. It is, therefore, affected by multiple vulnerabilities : - Flaws exist in the Virtual User Generator that allow directory traversal outside of a restricted path. These can be exploited by a remote attacker to create files with arbitrary content, thus leading to remote code execution. (CVE-2013-4837, CVE-2013-4838) - A SQL injection vulnerability exists in the Virtual User Generator that allows remote attackers to acquire sensitive information, modify data, or cause a denial of service. (CVE-2013-4839) - A flaw exists in the Virtual User Generator when handling multiple unspecified methods that allows a remote attacker to read, write, or delete arbitrary files, thus leading to information disclosure or the execution of arbitrary code. (CVE-2013-6213)
last seen2020-06-01
modified2020-06-02
plugin id70806
published2013-11-09
reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/70806
titleHP LoadRunner < 11.52 Patch 1 Multiple Vulnerabilities

Seebug

bulletinFamilyexploit
descriptionBugtraq ID:66961 CVE ID:CVE-2013-6213 HP LoadRunner是一款惠普公司开发的性能测试工具。 HP LoadRunner存在一个未明安全漏洞,允许远程攻击者利用漏洞执行任意代码。 0 HP LoadRunner 11.x HP LoadRunner v11.52 Patch 1版本已修复该漏洞,建议用户下载使用: https://www.hp.com/
idSSV:62231
last seen2017-11-19
modified2014-04-21
published2014-04-21
reporterRoot
titleHP LoadRunner Virtual User Generator远程代码执行漏洞

References