CVE-2012-2561

HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.

Published: May 21, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-2561
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
hp / business_service_management	9.12	9.12.x

http://marc.info/?l=bugtraq&m=134013352316810&w=2
http://osvdb.org/81981
http://secunia.com/advisories/49218
http://www.kb.cert.org/vuls/id/859230
http://www.securityfocus.com/bid/53556
http://www.securitytracker.com/id?1027075

Vulnerability Database

289,871

CVE-2012-2561