Sign-up

ID

VAR-201511-0043


CVE

CVE-2015-6857


TITLE

HP LoadRunner of Virtual Table Server Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-006034

DESCRIPTION

Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-3138 Was numbered.A third party may execute arbitrary code. Authentication is not required to exploit this vulnerability. By providing a connection string and malicious SQL commands to the /data/import_database resource, an attacker is able to execute arbitrary SQL commands against the database. An attacker could use this to modify the database, or execute arbitrary code under the context of NETWORK SERVICE. HP LoadRunner is prone to a local code-execution vulnerability. Failed attempts may lead to denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04907374 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04907374 Version: 1 HPSBGN03525 rev.1: HP Performance Center Virtual Table Server, Remote Code Execution NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. References: CVE-2015-6857 ZDI-CAN-3138 PSRT110001 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2015-6857 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following mitigation information available to resolve this vulnerability in the impacted versions of Performance Center. Please consult HP Software Support Online (SSO): https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea rch/document/KM01936061 HISTORY Version:1 (rev.1) - 3 December 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2015 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJWYI0xAAoJEGIGBBYqRO9/Rb0H/ifkXXJXIRjPuHgHjKDA42RO mnLZKx2VSPG7agFWs+6KbehGSs/L6OL92OkunjK16mC44FNL4JMAM7YDdrnurzdS 6bG0vYa0/8kzcBjzIPQegzJ6a6EBefMddtfiPI1kp4Z2BWypJhLU+6tl3gq94Wt+ GJmeYxHHdxyY3IEBQIKMaTeTDlnHzOZaUnUXJ/NPpYrrjl6pG8osqB1CvBynPGjH p8wHUwgqcrqcrskF7p6yu+zqF4rMejwffIyB4dqsKyuEJZln0SFyGJDe0s+ZhMvF r7JQ2hYNllXAo60yKewz5gEjcCvm36Ea3i9a5TWm1GycH3yaeAeaQW0w/qT+MRg= =q5qO -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2015-6857 // JVNDB: JVNDB-2015-006034 // ZDI: ZDI-15-581 // BID: 77946 // PACKETSTORM: 134630 // PACKETSTORM: 134546

AFFECTED PRODUCTS

vendor:hpmodel:loadrunnerscope:eqversion:12.01

Trust: 1.6

vendor:hpmodel:performance centerscope:eqversion:12.20

Trust: 1.6

vendor:hpmodel:loadrunnerscope:eqversion:12.02

Trust: 1.6

vendor:hpmodel:performance centerscope:eqversion:11.52

Trust: 1.6

vendor:hpmodel:loadrunnerscope:eqversion:11.52

Trust: 1.6

vendor:hpmodel:performance centerscope:eqversion:12.50

Trust: 1.6

vendor:hpmodel:loadrunnerscope:eqversion:12.50

Trust: 1.6

vendor:hpmodel:performance centerscope:eqversion:12.01

Trust: 1.6

vendor:hpmodel:performance centerscope:eqversion:12.00

Trust: 1.6

vendor:hpmodel:loadrunnerscope:eqversion:12.00

Trust: 1.6

vendor:hewlett packardmodel:hp loadrunnerscope:eqversion:11.52

Trust: 0.8

vendor:hewlett packardmodel:hp loadrunnerscope:eqversion:12.00

Trust: 0.8

vendor:hewlett packardmodel:hp loadrunnerscope:eqversion:12.01

Trust: 0.8

vendor:hewlett packardmodel:hp loadrunnerscope:eqversion:12.02

Trust: 0.8

vendor:hewlett packardmodel:hp loadrunnerscope:eqversion:12.50

Trust: 0.8

vendor:hewlett packardmodel:loadrunnerscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-15-581 // JVNDB: JVNDB-2015-006034 // CNNVD: CNNVD-201511-429 // NVD: CVE-2015-6857

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6857
value: HIGH

Trust: 1.0

NVD: CVE-2015-6857
value: HIGH

Trust: 0.8

ZDI: CVE-2015-6857
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201511-429
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2015-6857
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2015-6857
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

sources: ZDI: ZDI-15-581 // JVNDB: JVNDB-2015-006034 // CNNVD: CNNVD-201511-429 // NVD: CVE-2015-6857

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-6857

THREAT TYPE

local

Trust: 0.9

sources: BID: 77946 // CNNVD: CNNVD-201511-429

TYPE

Unknown

Trust: 0.3

sources: BID: 77946

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006034

PATCH
title:HPSBGN03523url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04900820
Trust: 1.5
title:HP LoadRunner Virtual Table Server Fixes for component arbitrary code execution vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58861
Trust: 0.6
sources:
            
            
            ZDI: ZDI-15-581 // 
            
            
            
            JVNDB: JVNDB-2015-006034 // 
            
            
            
            CNNVD: CNNVD-201511-429

EXTERNAL IDS
db:NVDid:CVE-2015-6857
Trust: 3.6
db:ZDIid:ZDI-15-581
Trust: 1.7
db:BIDid:77946
Trust: 1.3
db:SECTRACKid:1034259
Trust: 1.0
db:JVNDBid:JVNDB-2015-006034
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-3138
Trust: 0.7
db:CNNVDid:CNNVD-201511-429
Trust: 0.6
db:PACKETSTORMid:134630
Trust: 0.1
db:PACKETSTORMid:134546
Trust: 0.1
sources:
            
            
            ZDI: ZDI-15-581 // 
            
            
            
            BID: 77946 // 
            
            
            
            JVNDB: JVNDB-2015-006034 // 
            
            
            
            PACKETSTORM: 134630 // 
            
            
            
            PACKETSTORM: 134546 // 
            
            
            
            CNNVD: CNNVD-201511-429 // 
            
            
            
            NVD: CVE-2015-6857

REFERENCES
url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04900820
Trust: 1.6
url:http://www.securityfocus.com/bid/77946
Trust: 1.0
url:http://www.securitytracker.com/id/1034259
Trust: 1.0
url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04907374
Trust: 1.0
url:http://www.zerodayinitiative.com/advisories/zdi-15-581
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6857
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6857
Trust: 0.8
url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04900820
Trust: 0.7
url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n
Trust: 0.2
url:http://www.hpe.com/support/security_bulletin_archive
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-6857
Trust: 0.2
url:https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea
Trust: 0.2
url:http://www.hpe.com/support/subscriber_choice
Trust: 0.2
sources:
            
            
            ZDI: ZDI-15-581 // 
            
            
            
            JVNDB: JVNDB-2015-006034 // 
            
            
            
            PACKETSTORM: 134630 // 
            
            
            
            PACKETSTORM: 134546 // 
            
            
            
            CNNVD: CNNVD-201511-429 // 
            
            
            
            NVD: CVE-2015-6857

CREDITS
rgod
Trust: 0.7
sources:
            
            
            ZDI: ZDI-15-581

SOURCES
db:ZDIid:ZDI-15-581
db:BIDid:77946
db:JVNDBid:JVNDB-2015-006034
db:PACKETSTORMid:134630
db:PACKETSTORMid:134546
db:CNNVDid:CNNVD-201511-429
db:NVDid:CVE-2015-6857

LAST UPDATE DATE
2025-04-13T23:18:02.473000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-15-581date:2015-12-02T00:00:00
db:BIDid:77946date:2015-12-07T22:35:00
db:JVNDBid:JVNDB-2015-006034date:2015-11-30T00:00:00
db:CNNVDid:CNNVD-201511-429date:2015-11-27T00:00:00
db:NVDid:CVE-2015-6857date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:ZDIid:ZDI-15-581date:2015-12-02T00:00:00
db:BIDid:77946date:2015-11-24T00:00:00
db:JVNDBid:JVNDB-2015-006034date:2015-11-30T00:00:00
db:PACKETSTORMid:134630date:2015-12-04T15:55:00
db:PACKETSTORMid:134546date:2015-11-27T18:26:14
db:CNNVDid:CNNVD-201511-429date:2015-11-27T00:00:00
db:NVDid:CVE-2015-6857date:2015-11-26T03:59:02.053