Intrusion Prevention

HP.OpenView.Performance.Insight.Server.DoPost.Code.Execution

Description

This indicates an attempt to exploit a code execution vulnerability in HP OpenView Performance Insight Server.
The issue is caused by a lack of checks on the content of files uploaded by the "hidden account" in the com.trinagy.security.XMLUserManager Java class. It may allow remote attackers to execute arbitrary code by uploading a crafted JSP file.

Affected Products

HP OpenView Performance Insight 5.4.1
HP OpenView Performance Insight 5.4
HP OpenView Performance Insight 5.3.1
HP OpenView Performance Insight 5.3
HP OpenView Performance Insight 5.2

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's website for the suggested workaround.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02695453

CVE References

CVE-2011-0276