HP System Management Homepage < 7.0 Multiple Vulnerabilities

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by multiple vulnerabilities.

Description :

According to the web server's banner, the version of HP System
Management Homepage (SMH) hosted on the remote host is earlier than
7.0. As such, it is reportedly affected by the following
vulnerabilities :

- An error exists in the 'generate-id' function in the
bundled libxslt library that can allow disclosure of
heap memory addresses. (CVE-2011-0195)

- An unspecified input validation error exists and can
allow cross-site request forgery attacks. (CVE-2011-3846)

- Unspecified errors can allow attackers to carry out
denial of service attacks via unspecified vectors.
(CVE-2012-0135, CVE-2012-1993)

- The bundled version of PHP contains multiple
vulnerabilities. (CVE-2010-3436, CVE-2010-4409,
CVE-2010-4645, CVE-2011-1148, CVE-2011-1153,
CVE-2011-1464, CVE-2011-1467, CVE-2011-1468,
CVE-2011-1470, CVE-2011-1471, CVE-2011-1938,
CVE-2011-2202, CVE-2011-2483, CVE-2011-3182,
CVE-2011-3189, CVE-2011-3267, CVE-2011-3268)

- The bundled version of Apache contains multiple
vulnerabilities. (CVE-2010-1452, CVE-2010-1623,
CVE-2010-2068, CVE-2010-2791, CVE-2011-0419,
CVE-2011-1928, CVE-2011-3192, CVE-2011-3348,
CVE-2011-3368, CVE-2011-3639)

- OpenSSL libraries are contained in several of the
bundled components and contain multiple vulnerabilities.
(CVE-2011-0014, CVE-2011-1468, CVE-2011-1945,
CVE-2011-3207, CVE-2011-3210)

- Curl libraries are contained in several of the bundled
components and contain multiple vulnerabilities.
(CVE-2009-0037, CVE-2010-0734, CVE-2011-2192)

See also :

http://www.nessus.org/u?a467ff94

Solution :

Upgrade to HP System Management Homepage 7.0 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true
