HP SiteScope Directory Traversal Vulnerability (Sept 27, 2012)


HP SiteScope is an agentless monitoring software focused on monitoring the availability and performance of distributed IT infrastructures, including servers, operating systems, network and Internet services, applications and application components. HP SiteScope tests a web page or a series of web pages using synthetic monitoring. However, it is not limited to web applications and can be used to monitor database servers (Oracle Database, Microsoft SQL Server, etc.), Unix servers, Microsoft Windows servers and many other types of hardware and software.

HP SiteScope incorporates Apache Tomcat to help serve its custom web applications. Apache Tomcat is an open source web server and servlet container. Tomcat implements the Java Servlet and the Java Server Pages (JSP) specifications from Sun Microsystems, and provides a “pure Java” HTTP web server environment for Java code to run. In such a relationship, Apache receives all of the HTTP requests made to the Web application. Apache then recognizes which requests are intended for Servlets/JSPs, and passes these requests to Tomcat. Tomcat fulfills the request and passes the response back to Apache, which then returns the response to the requester. Two web applications UploadManagerServlet and DownloadManagerServlet are included with a HP SiteScope server installation that provide file upload and download services. These services are available at the following URIs:

  • /SiteScope/upload
  • /SiteScope/download

A directory traversal vulnerability exists in the HP SiteScope server. Specifically, an authenticated user can directly access the UploadManagerServlet and the DownloadManagerServlet web applications and supply an arbitrary file path for upload and download. An authenticated remote attacker can leverage this vulnerability to upload and execute arbitrary code on the vulnerable target under the privileges of Administrators.

Dell SonicWALL UTM has researched this vulnerability and released the following IPS signature to detect and prevent the attacks addressing this issue:

  • 8708 HP SiteScope Directory Traversal

This vulnerability was not assigned with a CVE ID.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.