SID 1:45440

Report a false positive

Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER HP LoadRunner remote command execution attempt

Rule Explanation

This event is generated when an unauthenticated user attempts to execute code on HP LoadRunner. Impact: Administrative access to the victim's machine Details: Rule checks for an attempt to execute remote code on a system running HP LoadRunner on port 54345 with Secure Channel disabled. Ease of Attack: Simple; Metasploit module available

What To Look For

No information provided

Known Usage

No public information

False Positives

Known false positives, with the described conditions

The application contains a "vulnerable by design" feature that allows users to execute remote code, so it is possible for legitimate traffic to also be caught by this detection.

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2010-1549

Additional Links

github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/hp_loadrunner_magentproc_cmdexec.rb

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2010-1549
 Loading description