Arbitrary File Creation and Deletion Vulnerabilities in HP Data Protector's Cell Request Service

Arbitrary File Creation and Deletion Vulnerabilities in HP Data Protector's Cell Request Service

CVE-2014-5160 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:P

Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.

Learn more about our Web Application Penetration Testing UK.