HP System Management Homepage < 7.2.0.14 iprange Parameter Code Execution

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by a code execution vulnerability.

Description :

According to the web server's banner, the version of HP System
Management Homepage (SMH) hosted on the remote web server is prior to
7.2.0.14. It is, therefore, reportedly affected by a code execution
vulnerability related to the 'iprange' parameter in requests made to
'/proxy/DataValidation'.

Note that successful exploitation requires anonymous access to be
enabled.

See also :

http://www.nessus.org/u?f2db75ce

Solution :

Upgrade to HP System Management Homepage 7.2.0.14 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 66541

Bugtraq ID: 58817

CVE ID: