CVE-2016-4360 - OpenCVE

web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Hp	Performance Center Loadrunner

Configuration 1 [-]

OR	cpe:2.3:a:hp:loadrunner:11.52:p3::::::
	cpe:2.3:a:hp:loadrunner:12.00:p1::::::
	cpe:2.3:a:hp:loadrunner:12.01:p3::::::
	cpe:2.3:a:hp:loadrunner:12.02:p2::::::
	cpe:2.3:a:hp:loadrunner:12.50:p3::::::

Configuration 2 [-]

OR	cpe:2.3:a:hp:performance_center:11.52:p3::::::
	cpe:2.3:a:hp:performance_center:12.00:p1::::::
	cpe:2.3:a:hp:performance_center:12.01:p3::::::
	cpe:2.3:a:hp:performance_center:12.20:p2::::::
	cpe:2.3:a:hp:performance_center:12.50:p1::::::

References

Link	Resource
http://www.securityfocus.com/bid/90975
http://www.securitytracker.com/id/1036006	Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-364	Third Party Advisory VDB Entry
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423	Vendor Advisory
https://www.tenable.com/security/research/tra-2016-17

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-06-08T14:00:00

Updated: 2017-11-02T12:57:01

Reserved: 2016-04-29T00:00:00

Link: CVE-2016-4360

JSON object: View

NVD Information

Status : Modified

Published: 2016-06-08T14:59:42.313

Modified: 2017-11-03T01:29:02.890

Link: CVE-2016-4360

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-31T00:00:00", "descriptions": [{"lang": "en", "value": "web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-02T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"}, {"name": "90975", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/90975"}, {"name": "1036006", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036006"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2016-17"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-364"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4360", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"}, {"name": "90975", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90975"}, {"name": "1036006", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036006"}, {"name": "https://www.tenable.com/security/research/tra-2016-17", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2016-17"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-364", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-364"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4360", "datePublished": "2016-06-08T14:00:00", "dateReserved": "2016-04-29T00:00:00", "dateUpdated": "2017-11-02T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:loadrunner:11.52:p3:*:*:*:*:*:*", "matchCriteriaId": "EA41E4F9-3325-4665-A433-BDAA02621F13", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:loadrunner:12.00:p1:*:*:*:*:*:*", "matchCriteriaId": "58DEE82F-A703-4F0D-96D4-47E6DEC473BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:loadrunner:12.01:p3:*:*:*:*:*:*", "matchCriteriaId": "5B9BA232-B8DD-4EC9-991F-06E73774A156", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:loadrunner:12.02:p2:*:*:*:*:*:*", "matchCriteriaId": "F7226CD8-1528-4C5B-825D-2569D025808C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:loadrunner:12.50:p3:*:*:*:*:*:*", "matchCriteriaId": "7772F623-E8AD-41A1-B5E2-F507FB7F413B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:performance_center:11.52:p3:*:*:*:*:*:*", "matchCriteriaId": "4BACEBCB-93A4-4C8C-90DD-3D233BF9B128", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:performance_center:12.00:p1:*:*:*:*:*:*", "matchCriteriaId": "27EAC034-46D2-41A8-A3F5-7ABDCC7E9457", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:performance_center:12.01:p3:*:*:*:*:*:*", "matchCriteriaId": "B0DEA9F8-EF3D-4C7F-B6B9-F9A33341E9A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:performance_center:12.20:p2:*:*:*:*:*:*", "matchCriteriaId": "F7FCF452-A5B1-4CB5-BD02-785670A04E82", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:performance_center:12.50:p1:*:*:*:*:*:*", "matchCriteriaId": "235AB949-A179-48FC-BFAA-7796578E430D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555."}, {"lang": "es", "value": "web/admin/data.js en el componente Performance Center Virtual Table Server (VTS) en HPE LoadRunner 11.52 hasta el parche 3, 12.00 hasta el parche 1, 12.01 hasta el parche 3, 12.02 hasta el parche 2 y 12.50 hasta el parche 3 y Performance Center 11.52 hasta el parche 3, 12.00 hasta el parche 1, 12.01 hasta el parche 3, 12.20 hasta el parche 2 y 12.50 hasta el parche 1 no restringe rutas de archivo enviadas a un llamada desvinculada, lo que permite a atacantes remotos borrar archivos arbitrarios a trav\u00e9s del par\u00e1metro de ruta a data/import_csv, tambi\u00e9n conocido como ZDI-CAN-3555."}], "id": "CVE-2016-4360", "lastModified": "2017-11-03T01:29:02.890", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-08T14:59:42.313", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/90975"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036006"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-364"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"}, {"source": "cve@mitre.org", "url": "https://www.tenable.com/security/research/tra-2016-17"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}