1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: HP LoadRunner CVE-2013-4798

Web Attack: HP LoadRunner CVE-2013-4798

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a vulnerability in HP LoadRunner which could result in remote code execution.

Additional Information

HP LoadRunner is a tool for testing system performance.

HP LoadRunner is prone to a remote code-execution vulnerability because it fails to properly sanitize the destination path which leads to directory traversal. An attacker can exploit this issue by enticing an user into opening a malicious webpage or file.

Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Affected

  • Versions prior to HP LoadRunner 11.52 are vulnerable.

Response

Updates are available. Please see the references or vendor advisory for more information.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube