HP System Management Homepage < / 6.0.0-95 Multiple Vulnerabilities

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server has multiple vulnerabilities.

Description :

According to its self-reported version number, the HP System
Management Homepage installation on the remote host is earlier than / 6.0.0-95.
Such versions are potentially affected by the following vulnerabilities :

- A cross-site scripting (XSS) vulnerability due to a
failure to sanitize UTF-7 encoded input. Browsers are
only affected if encoding is set to auto-select.

- An integer overflow in the libxml2 library that can
result in a heap overflow. (CVE-2008-4226)

- A buffer overflow in the PHP mbstring extension.

- An unspecified XSS in PHP when 'display_errors' is
enabled. (CVE-2008-5814)

- Multiple denial of service vulnerabilities in OpenSSL
DTLS. (CVE-2009-1377, CVE-2009-1378, CVE-2009-1379,
CVE-2009-1386, CVE-2009-1387)

- A cross-site scripting vulnerability due to a failure
to sanitize input to the 'servercert' parameter of
'/proxy/smhu/getuiinfo'. (CVE-2009-4185)

- An unspecified vulnerability that could allow an
attacker to access sensitive information, modify data,
or cause a denial of service. (CVE-2010-1034)

Solution :

Upgrade to HP System Management Homepage (Windows) /
6.0.0-95 (Linux) or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true