This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote web server is affected by multiple vulnerabilities.
According to the web server's banner, the version of HP System
Management Homepage (SMH) hosted on the remote host is earlier than
6.3. Such versions are reportedly affected by the following
- An error exists in the function 'fnmatch' in the
bundled version of PHP that can lead to stack
- An information disclosure vulnerability exists in the
'var_export' function in the bundled version of PHP
that can be triggered when handling certain error
- A double free vulnerability in the
'ssl3_get_key_exchange()' function in the third-party
OpenSSL library could be abused to crash the
- A format string vulnerability in the phar extension
in the bundled version of PHP could lead to the
disclosure of memory contents and possibly allow
execution of arbitrary code via a specially crafted
'phar://' URI. (CVE-2010-2950)
- A NULL pointer dereference in
'ZipArchive::getArchiveComment' included with the
bundled version of PHP can be abused to crash the
- The bundled version of libxml2 may read from invalid
memory locations when processing malformed XPath
expressions, resulting in an application crash.
- An error in the 'mb_strcut()' function in the bundled
version of PHP can be exploited by passing a large
'length' parameter to disclose potentially sensitive
information from the heap. (CVE-2010-4156)
- An as-yet unspecified remote code execution
vulnerability could allow an authenticated user to
execute arbitrary code with system privileges.
- An as-yet unspecified, unauthorized access vulnerability
could lead to a complete system compromise.
See also :
Upgrade to HP System Management Homepage 6.3 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false