HP System Management Homepage < iprange Parameter Code Execution

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by a code execution vulnerability.

Description :

According to the web server's banner, the version of HP System
Management Homepage (SMH) hosted on the remote web server is a version
prior to and is, therefore, reportedly affected by a code
execution vulnerability related to the 'iprange' parameter in requests
made to '/proxy/DataValidation'

Note that successful exploitation requires that anonymous access is

See also :


Solution :

Upgrade to HP System Management Homepage or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 66541 ()

Bugtraq ID: 58817