HP LoadRunner < 11.52 Patch 1 Multiple Vulnerabilities
Critical Nessus Plugin ID 70806
The remote Windows host has an application that is affected by multiple vulnerabilities.
The version of HP LoadRunner installed on the remote host is prior to 11.52 Patch 1. It is, therefore, affected by multiple vulnerabilities : - Flaws exist in the Virtual User Generator that allow directory traversal outside of a restricted path. These can be exploited by a remote attacker to create files with arbitrary content, thus leading to remote code execution. (CVE-2013-4837, CVE-2013-4838) - A SQL injection vulnerability exists in the Virtual User Generator that allows remote attackers to acquire sensitive information, modify data, or cause a denial of service. (CVE-2013-4839) - A flaw exists in the Virtual User Generator when handling multiple unspecified methods that allows a remote attacker to read, write, or delete arbitrary files, thus leading to information disclosure or the execution of arbitrary code. (CVE-2013-6213)
Upgrade to HP LoadRunner 11.52 Patch 1 or later or apply the workaround.