HP.Loadrunner.Web.Tours.Upload.Directory.Traversal
Description
This indicates an attack attempt to exploit a Directory Traversal vulnerability in HP Loadrunner.
A vulnerability has been reported in Loadrunner that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "username" parameter value that is passed to "login.pl". An attacker may write a file to an arbitrary directory by sending a crafted HTTP POST request.
Affected Products
HP LoadRunner 9.1 and earlier versions.
Impact
Directory Traversal
Recommended Actions
Apply patch, available from the website:
http://support.openview.hp.com/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |