HP AutoPass License Server Remote Code Execution Exploit

This module exploits a remote code execution vulnerability in HP AutoPass License Server. The CommunicationServlet component in HP AutoPass License Server does not enforce authentication and has a directory traversal vulnerability allowing a remote attacker to execute arbitrary code trough a JSP page uploaded to the vulnerable server.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2013-6221
Product Version: 
2014_R1
Released Date: 
Tuesday, July 22, 2014 - 00:00