CVE-2012-2561

Published: May 21, 2012Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.

Affected (1)

Products: Hp: Business Service Management

1 product

Business Service Management

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hp Business Service Management	Version 9.12

Related CWEs

References (12)

http://marc.info/?l=bugtraq&m=134013352316810&w=2

Source: cret@cert.org

http://osvdb.org/81981

Source: cret@cert.org

http://secunia.com/advisories/49218

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/859230

Source: cret@cert.org

US Government Resource

http://www.securityfocus.com/bid/53556

Source: cret@cert.org

http://www.securitytracker.com/id?1027075

Source: cret@cert.org

http://marc.info/?l=bugtraq&m=134013352316810&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/81981

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/49218

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/859230

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/bid/53556

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1027075

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.