In association with heise online

05 September 2012, 12:43

Nine 0days: HP in the security dock again

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

HP cracked logo The Zero Day Initiative (ZDI) has published information about further unpatched critical security holes in HP's enterprise products: the 0day holes all allow remote attackers to inject and execute arbitrary code into the server systems. Eight of the nine holes are rated at the highest risk level (CVSS) of 10.0:

Before the disclosure of the vulnerability details, HP had up to a year to close the nine critical security holes. Since the ZDI became a part of HP after a takeover, the company has effectively put itself in the dock with the release of the vulnerability advisories. And this is not the first time: two weeks ago, the ZDI published five advisories for other unpatched HP security holes.

It remains unclear why HP hasn't fixed the vulnerabilities despite the ample period of grace it has been given. HP has yet to respond to several enquiries on this subject by The H's associates at heise Security.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit