HP SiteScope Remote Code Execution Exploit Update

This module exploits two vulnerabilities in HP SiteScope to gain remote code execution. The first vulnerability is an authentication bypass in the getSiteScopeConfiguration operation available through the APISiteScopeImpl AXIS service to grab the administrator credentials from the server running HP SiteScope. The second vulnerability is a directory traversal in the UploadFileHandler url that allows to upload files to the server into a directory that allows for scripting. This update only adds CVE number.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2013-2367
Product Version: 
2013_R2
Released Date: 
Thursday, December 12, 2013 - 00:00