Definition


New Search

HP-UX Running VRTSweb Remote Execution of Arbitrary Code Increase of Privilege

oval:org.mitre.oval:def:7986

VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d 12.0 and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2 5.0 5.0RP1a 5.0RP2 5.1 and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1 5.0 and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5 4.0 4.1 and 5.0; Veritas Storage Foundation Manager (SFM) 1.0 1.0 MP1 1.1 1.1.1Ux 1.1.1Win and 2.0; Veritas Cluster Server (VCS) 3.5 4.0 4.1 and 5.0; Veritas Cluster Server One (VCSOne) 2.0 2.0.1 and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1 5.5 and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5 4.0 4.1 and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x 5.0 and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA 5.0 MP1 5.0 MP1RP1 and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests which allows remote attackers to trigger the unpacking of a WAR archive and execute arbitrary code in the contained files via crafted data to TCP port 14300.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • HP-UX 11
Class:
vulnerability
Reference(s):
  • CVE-2009-3027
Product(s):