CVE-2012-3261

HP SiteScope 11.10-11.12 - Remote Code Execution via SOAP Feature


Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-3261. Includes Metasploit module exploits/multi/http/hp_sitescope_uploadfileshandler.

AI-analyzed exploit summary: This Metasploit module exploits an authentication bypass (CVE-2012-3260) and arbitrary file upload (CVE-2012-3261) in HP SiteScope 11.20 to achieve remote code execution via a malicious JSP payload. It creates a user with empty credentials, authenticates, and uploads a JSP that decodes and executes a hex-encoded payload.

Description

Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1463.

Exploits (1)

metasploit · Working PoC · Good
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/hp_sitescope_uploadfileshandler.rb


Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: HP SiteScope 11.20
No auth needed
Prerequisites: Network access to HP SiteScope (port 8080 by default) · HP SiteScope 11.20 with vulnerable endpoints exposed
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=134825051608877&w=2

Scores

EPSS 0.3838
EPSS Percentile 98.4%

Details

Status published
Products (3)
hp/sitescope 11.10
hp/sitescope 11.11
hp/sitescope 11.12
Published Sep 25, 2012
Tracked Since Feb 18, 2026