Executive Summary

Summary
Title	HP Storage Essentials Software, Remote Unauthorized Access to Data

Informations
Name	HPSBST02318 SSRT080018	First vendor Publication	2008-04-08
Vendor	HP	Last vendor Modification	2008-04-08
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A potential security vulnerability has been identified with HP Storage Essentials Software. The vulnerability could be exploited remotely to gain unauthorized access to data.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402

CPE : Common Platform Enumeration

Type	Description	Count
Application	Jboss Jboss Application Server cpe:2.3:a:jboss:jboss_application_server:4.0.5.ga:*:*:*:*:*:*:* cpe:2.3:a:jboss:jboss_application_server:4.0.4.ga:*:*:*:*:*:*:* cpe:2.3:a:jboss:jboss_application_server:4.0.3_final:*:*:*:*:*:*:* cpe:2.3:a:jboss:jboss_application_server:4.0.2_final:*:*:*:*:*:*:* cpe:2.3:a:jboss:jboss_application_server:4.0.1_sp1:*:*:*:*:*:*:* cpe:2.3:a:jboss:jboss_application_server:4.0.1_final:*:*:*:*:*:*:* cpe:2.3:a:jboss:jboss_application_server:4.0.0_final:*:*:*:*:*:*:* cpe:2.3:a:jboss:jboss_application_server:3.2.8.sp1:*:*:*:*:*:*:* cpe:2.3:a:jboss:jboss_application_server:3.2.8_final:*:*:*:*:*:*:* cpe:2.3:a:jboss:jboss_application_server:3.2.7_final:*:*:*:*:*:*:* cpe:2.3:a:jboss:jboss_application_server:3.2.6_final:*:*:*:*:*:*:* cpe:2.3:a:jboss:jboss_application_server:3.2.5_final:*:*:*:*:*:*:*	12

Open Source Vulnerability Database (OSVDB)

Id

Description

30767

JBoss Application Server (jbossas) JMX Console DeploymentFileRepository Trave... Jboss contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the JMX console not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the DeploymentFileRepository class. This directory traversal attack would allow the attacker to read or modify arbitrary files.

Nessus® Vulnerability Scanner

Date	Description
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_jboss-2309.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_jboss4-2304.nasl - Type : ACT_GATHER_INFO
2006-12-14	Name : The remote web server contains a Java service that is affected by a directory... File : jboss_deploymentfilerepository_dir_traversal.nasl - Type : ACT_DESTRUCTIVE_ATTACK