Based on the information in the webpage screenshot, the following key details about the vulnerability can be obtained: - **Vulnerability Name**: HP AutoPass License Server File Upload - **Vulnerability Description**: This vulnerability exploits a remote code execution flaw in the HP AutoPass License Server. It achieves its goal due to two weaknesses. First, the AutoPass application does not enforce authentication in the CommunicationServlet component. Second, during file upload via the same component, directory traversal can be abused, allowing the upload of arbitrary payloads embedded within JSP files. - **Affected Systems**: - Windows 2003 SP2 / HP AutoPass License Server 8.01 / HP Service Virtualization 3.50 - Windows 2008 32 bits / HP AutoPass License Server 8.01 / HP Service Virtualization 3.50 - Windows 2008 64 bits / HP AutoPass License Server 8.01 / HP Service Virtualization 3.50 - Windows 2012 / HP AutoPass License Server 8.01 / HP Service Virtualization 3.50 - **Vulnerability Authors**: - rgod - juan vazquez (Metasploit module) - **CVE ID**: 2013-6221 - **ZDI ID**: 14-195 - **BID ID**: 67989 - **Discovery Date**: 2014-01-10 - **Related URL**: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04333125 - **Reliability, Stability, and Side Effects**: Unknown - **Additional Information**: - Includes related registration options, advanced options, check functions, exploit functions, and some auxiliary functions. The exploit function attempts to leverage the vulnerability by uploading and executing a payload embedded in a JSP file.