HP SiteScope Directory Traversal Vulnerability

September 27, 2012

HP SiteScope is agentless monitoring software focused on the availability and performance of distributed IT infrastructures, including servers, operating systems, network and Internet services, applications and application components. HP SiteScope tests a web page or a series of web pages using synthetic monitoring. However, it is not limited to web applications and can be used to monitor database servers (Oracle Database, Microsoft SQL Server, etc.), Unix servers, Microsoft Windows servers and many other types of hardware and software.

HP SiteScope incorporates Apache Tomcat to help serve its custom web applications. Apache Tomcat is an open source web server and servlet container. Tomcat implements the Java Servlet and the JavaServer Pages (JSP) specifications from Sun Microsystems, and provides a "pure Java" HTTP web server environment for Java code to run. In such a relationship, Apache receives all of the HTTP requests made to the web application. Apache then recognizes which requests are intended for Servlets/JSPs, and passes these requests to Tomcat. Tomcat fulfills the request and passes the response back to Apache, which then returns the response to the requester. Two web applications, UploadManagerServlet and DownloadManagerServlet, are included with an HP SiteScope server installation and provide file upload and download services. These services are available at the following URIs:

  • /SiteScope/upload
  • /SiteScope/download

A directory traversal vulnerability exists in the HP SiteScope server. Specifically, an authenticated user can directly access the UploadManagerServlet and the DownloadManagerServlet web applications and supply an arbitrary file path for upload and download. An authenticated remote attacker can leverage this vulnerability to upload and execute arbitrary code on the vulnerable target under the privileges of Administrators.

Dell SonicWALL UTM has researched this vulnerability and released the following IPS signature to detect and prevent attacks that exploit this issue:

  • 8708 HP SiteScope Directory Traversal
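For sites that also want to review web server logs for the same behavior, the following added example (not Dell SonicWALL's signature logic and not HP code) flags requests to the two servlet URIs whose parameters carry a traversal sequence or an absolute path. It assumes a Common Log Format access log and that the path is visible in the query string; the `file` parameter name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# The two servlet URIs named in the advisory.
WATCHED = ("/SiteScope/upload", "/SiteScope/download")
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_arbitrary_path(value):
    """True if the value climbs out of a directory or is an absolute path."""
    v = fully_decode(value).replace("\\", "/")
    return (".." in v.split("/") or v.startswith("/")
            or re.match(r"[A-Za-z]:/", v) is not None)

def suspicious_requests(log_lines):
    """Return (line_no, method, uri, param) for each flagged request."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group("target"))
        uri = fully_decode(url.path).rstrip("/")
        if uri not in WATCHED:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if is_arbitrary_path(value):
                hits.append((line_no, m.group("method"), uri, name))
    return hits

# Constructed sample lines; the "file" parameter name is hypothetical.
SAMPLE_LOG = [
    '192.0.2.5 - admin [27/Sep/2012:10:00:01 +0000] "GET /SiteScope/download?file=reports/daily.html HTTP/1.1" 200 5120',
    '192.0.2.9 - user1 [27/Sep/2012:10:02:13 +0000] "GET /SiteScope/download?file=..%2F..%2Fsecret.txt HTTP/1.1" 200 812',
    '192.0.2.9 - user1 [27/Sep/2012:10:02:40 +0000] "POST /SiteScope/upload?file=%252e%252e%255cnotes.txt HTTP/1.1" 200 64',
    '192.0.2.7 - user2 [27/Sep/2012:10:03:02 +0000] "GET /SiteScope/download?file=C:%5Ctemp%5Cnotes.txt HTTP/1.1" 200 92',
    '192.0.2.5 - admin [27/Sep/2012:10:04:00 +0000] "GET /SiteScope/servlet/Main?page=..%2Fx HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in an access log, so this check only covers values visible in the request line.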

This vulnerability was not assigned a CVE ID.