Detections
Analytics
HP System Management Homepage (SMH) AddXECert Remote DoS
low Nessus Plugin ID 90624
Language:
Synopsis
The remote web server is affected by a denial of service vulnerability.Description
The HP System Management Homepage (SMH) application running on the remote web server is affected by a denial of service vulnerability due to improper handling of the Common Name in a certificate uploaded via /proxy/AddXECert. An unauthenticated, remote attacker can exploit this, via a crafted certificate, to cause a denial of service condition.For the exploit to work, the 'Trust Mode' setting must be configured with 'Trust All', the 'IP Restricted login' setting must allow the attacker to access SMH, and the 'Kerberos Authorization' (Windows only) setting must be disabled.
Note that this plugin attempts to upload a certificate to the remote SMH server, and the certificate is stored in <SMH_INSTALLATION_DIR>/certs/. Nessus will attempt to delete the certificate later. The user is advised to delete the certificate if Nessus fails to do so. The uploaded certificate should appear under Settings->SMH->Security->Trusted Management Servers in the SMH web GUI, which the user can use to delete the certificate.
Additionally, note that the SMH running on the remote host is reportedly affected by other vulnerabilities as well; however, Nessus has not tested for these.
Solution
Upgrade to HP System Management Homepage (SMH) version 7.5.4 or later.See Also
Plugin Details
Severity: Low
ID: 90624
File Name: hpsmh_addcert_bad_cn.nasl
Version: 1.3
Type: remote
Family: Web Servers
Published: 4/21/2016
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
CVSS v2
Risk Factor: Low
Base Score: 2.6
Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: cpe:/a:hp:system_management_homepage
Required KB Items: www/hp_smh, www/compaq
Patch Publication Date: 3/15/2016
Vulnerability Publication Date: 3/15/2016
Reference Information
HP: HPSBMU03546, emr_na-c05045763