Network Virtualization for HP LoadRunner Information Disclosure
High Nessus Plugin ID 83489
SynopsisThe remote Windows host has an application installed that is affected by an information disclosure vulnerability.
DescriptionThe remote Windows host has a version of HP LoadRunner installed that is 11.52.x and a version of HP Network Virtualization installed that is prior to 8.61 patch 3. It is, therefore, affected by an information disclosure vulnerability due to a failure in HttpServlet and NetworkEditorController to properly sanitize filenames. A remote attacker can exploit this, via a specially crafted request, to disclose the contents of arbitrary files.
SolutionUpgrade to HP Network Virtualization 8.61 Patch 3 or later.