How to Buy
This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
The remote web server is affected by multiple vulnerabilities.
According to the web server's banner, the version of HP System
Management Homepage (SMH) hosted on the remote host is earlier than
7.1.1 and is, therefore, reportedly affected by the following
- The bundled version of the libxml2 library contains
multiple vulnerabilities. (CVE-2011-1944, CVE-2011-2821,
- The bundled version of PHP contains multiple
vulnerabilities. (CVE-2011-3379, CVE-2011-4153,
CVE-2011-4885, CVE-2012-1823, CVE-2012-0057,
- The bundled version of the Apache HTTP Server contains
multiple vulnerabilities. (CVE-2011-3607, CVE-2011-4317,
CVE-2011-4415, CVE-2012-0021, CVE-2012-0031,
- An issue exists in the 'include/iniset.php' script in
the embedded RoundCube Webmail version that could lead
to a denial of service. (CVE-2011-4078)
- The bundled version of OpenSSL contains multiple
vulnerabilities. (CVE-2011-4108, CVE-2011-4576,
CVE-2011-4577, CVE-2011-4619, CVE-2012-0027,
- The bundled version of curl and libcurl does not
properly consider special characters during extraction
of a pathname from a URL. (CVE-2012-0036)
- An off autocomplete attribute does not exist for
unspecified form fields, which makes it easier for
remote attackers to obtain access by leveraging an
unattended workstation. (CVE-2012-2012)
- An unspecified vulnerability exists that could allow a
remote attacker to cause a denial of service, or
possibly obtain sensitive information or modify data.
- An unspecified vulnerability exists related to improper
input validation. (CVE-2012-2014)
- An unspecified vulnerability allows remote,
unauthenticated users to gain privileges and obtain
sensitive information. (CVE-2012-2015)
- An unspecified vulnerability allows local users to
obtain sensitive information via unknown vectors.
See also :
Upgrade to HP System Management Homepage 7.1.1 or later.
Risk factor :
High / CVSS Base Score : 9.7
CVSS Temporal Score : 8.4
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 59851 ()
Bugtraq ID: 480564975450402504945063950802511935128151407514175166551705517065180651830527645338854218
CVE ID: CVE-2011-1944CVE-2011-2821CVE-2011-2834CVE-2011-3379CVE-2011-3607CVE-2011-4078CVE-2011-4108CVE-2011-4153CVE-2011-4317CVE-2011-4415CVE-2011-4576CVE-2011-4577CVE-2011-4619CVE-2011-4885CVE-2012-0021CVE-2012-0027CVE-2012-0031CVE-2012-0036CVE-2012-0053CVE-2012-0057CVE-2012-0830CVE-2012-1165CVE-2012-1823CVE-2012-2012CVE-2012-2013CVE-2012-2014CVE-2012-2015CVE-2012-2016
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.