This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.
The remote web server has multiple vulnerabilities.
According to its self-reported version number, the HP System
Management Homepage install on the remote host is earlier than
220.127.116.11 / 6.0.0-95. Such versions are potentially affected by the
following vulnerabilities :
- A cross-site scripting (XSS) vulnerability due to a
failure to sanitize UTF-7 encoded input. Browsers are
only affected if encoding is set to auto-select.
- An integer overflow in the libxml2 library that can
result in a heap overflow. (CVE-2008-4226)
- A buffer overflow in the PHP mbstring extension.
- An unspecified XSS in PHP when 'display_errors' is
- Multiple denial of service vulnerabilities in OpenSSL
DTLS. (CVE-2009-1377, CVE-2009-1378, CVE-2009-1379,
- A cross-site scripting vulnerability due to a failure
to sanitize input to the 'servercert' parameter of
- An unspecified vulnerability that could allow an
attacker to access sensitive information, modify data,
or cause a denial of service. (CVE-2010-1034)
See also :
Upgrade to HP System Management Homepage 18.104.22.168 (Windows) /
6.0.0-95 (Linux) or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 46015 (hpsmh_6_0_0_95.nasl)
Bugtraq ID: 28380, 32326, 32948, 35001, 35138, 35174, 35417, 38081, 39632
CVE ID: CVE-2008-1468, CVE-2008-4226, CVE-2008-5557, CVE-2008-5814, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387, CVE-2010-1034, CVE-2009-4185