CVE-2016-2004 PoC — HPE Data Protector 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2016/CVE-2016-2004.yaml

Associated Vulnerability

Title:HPE Data Protector 安全漏洞 (CVE-2016-2004)
Description:HPE Data Protector是美国惠普企业（Hewlett Packard Enterprise，HPE）公司的一套统一数据保护解决方案。该方案通过利用智能数据管理方法，保护跨所有物理和虚拟环境的数据，提供三方（应用源、备用服务器和目标设备）重复数据删除功能。 HPE Data Protector中存在安全漏洞。远程攻击者可利用该漏洞执行任意代码。以下版本受到影响：HPE Data Protector 7.03_108之前版本，8.15之前版本，9.06之前版本。

Description

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.

File Snapshot


 id: CVE-2016-2004

info:
  name: HP Data Protector - Arbitrary Command Execution
  author: pussycat0

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!