HP OpenView Communication Broker Arbitrary File Deletion (HPSBMU02691)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server has an arbitrary file deletion vulnerability.

Description :

According to its self-reported version, the version of the HP OpenView
Communication Broker service running on the remote host has a
vulnerability that could allow an unauthenticated attacker to delete
arbitrary files on the system. Successful exploits will result in a
denial of service condition or the corruption of applications running on
the affected system.

Note that the Communication Broker can be found in various HP products
such as HP Operations Agent, HP OpenView Performance Agent, and HP
SiteScope.

See also :

http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt
http://www.nessus.org/u?ebf8f8f8

Solution :

Apply the relevant update referenced in HP Security Bulletin
HPSBMU02691.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 5.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 70171 ()

Bugtraq ID: 48481

CVE ID: CVE-2011-2608