Description
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.
References (6)
Core 6
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/859230
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49218
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53556
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1027075
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=134013352316810&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/81981
Scores
EPSS
0.0420
EPSS Percentile
88.9%
Details
CWE
CWE-264
Status
published
Products (1)
hp/business_service_management
9.12
Published
May 21, 2012
Tracked Since
Feb 18, 2026