Intrusion Prevention

HP.Loadrunner.Web.Tours.Upload.Directory.Traversal

Description

This indicates an attack attempt to exploit a Directory Traversal vulnerability in HP Loadrunner.
A vulnerability has been reported in Loadrunner that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "username" parameter value that is passed to "login.pl". An attacker may write a file to an arbitrary directory by sending a crafted HTTP POST request.

Affected Products

HP LoadRunner 9.1 and earlier versions.

Impact

Directory Traversal

Recommended Actions

Apply patch, available from the website:
http://support.openview.hp.com/

CVE References

CVE-2010-4028