HP LoadRunner < 11.52 Patch 1 Multiple Vulnerabilities

Critical Nessus Plugin ID 70806


The remote Windows host has an application that is affected by multiple vulnerabilities.


The version of HP LoadRunner installed on the remote host is prior to 11.52 Patch 1. It is, therefore, affected by multiple vulnerabilities :

- Flaws exist in the Virtual User Generator that allow directory traversal outside of a restricted path. These can be exploited by a remote attacker to create files with arbitrary content, thus leading to remote code execution. (CVE-2013-4837, CVE-2013-4838)

- A SQL injection vulnerability exists in the Virtual User Generator that allows remote attackers to acquire sensitive information, modify data, or cause a denial of service. (CVE-2013-4839)

- A flaw exists in the Virtual User Generator when handling multiple unspecified methods that allows a remote attacker to read, write, or delete arbitrary files, thus leading to information disclosure or the execution of arbitrary code. (CVE-2013-6213)


Upgrade to HP LoadRunner 11.52 Patch 1 or later or apply the workaround.

See Also







Plugin Details

Severity: Critical

ID: 70806

File Name: hp_loadrunner_11_52_1.nasl

Version: $Revision: 1.13 $

Type: local

Agent: windows

Family: Windows

Published: 2013/11/09

Modified: 2016/12/21

Dependencies: 59717

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:loadrunner

Required KB Items: SMB/Registry/Enumerated, installed_sw/HP LoadRunner

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/10/30

Vulnerability Publication Date: 2013/10/30

Exploitable With

Metasploit (HP LoadRunner EmulationAdmin Web Service Directory Traversal)

Reference Information

CVE: CVE-2013-4837, CVE-2013-4838, CVE-2013-4839, CVE-2013-6213

BID: 63475, 63476, 63477, 66961

OSVDB: 99231, 99232, 99233, 106008

HP: HPSBMU02935, SSRT101191, SSRT101192, SSRT101193, SSRT101357, emr_na-c03969437