This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.
The remote web server has multiple vulnerabilities.
According to its self-reported version number, the HP System
Management Homepage install on the remote host is earlier than
220.127.116.11 / 6.0.0-95. Such versions are potentially affected by the
following vulnerabilities :
- A cross-site scripting (XSS) vulnerability due to a
failure to sanitize UTF-7 encoded input. Browsers are
only affected if encoding is set to auto-select.
- An integer overflow in the libxml2 library that can
result in a heap overflow. (CVE-2008-4226)
- A buffer overflow in the PHP mbstring extension.
- An unspecified XSS in PHP when 'display_errors' is
- Multiple denial of service vulnerabilities in OpenSSL
DTLS. (CVE-2009-1377, CVE-2009-1378, CVE-2009-1379,
- An cross-site scripting vulnerability due to a failure
to sanitize input to the 'servercert' parameter of
- An unspecified vulnerability that could allow an
attacker to access sensitive information, modify data,
or cause a denial of service. (CVE-2010-1034)
See also :
Upgrade to HP System Management Homepage 18.104.22.168 (Windows) /
6.0.0-95 (Linux) or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true