43012

According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 7.0.  As such, it is reportedly affected by the following vulnerabilities :

 - An error exists in the 'generate-id' function in the    bundled libxslt library that can allow disclosure of    heap memory addresses. (CVE-2011-0195)

 - An unspecified input validation error exists and can    allow cross-site request forgery attacks. (CVE-2011-3846)

 - Unspecified errors can allow attackers to carry out    denial of service attacks via unspecified vectors.
   (CVE-2012-0135, CVE-2012-1993)

 - The bundled version of PHP contains multiple    vulnerabilities. (CVE-2010-3436, CVE-2010-4409,    CVE-2010-4645, CVE-2011-1148, CVE-2011-1153,    CVE-2011-1464, CVE-2011-1467, CVE-2011-1468,    CVE-2011-1470, CVE-2011-1471, CVE-2011-1938,    CVE-2011-2202, CVE-2011-2483, CVE-2011-3182,    CVE-2011-3189, CVE-2011-3267, CVE-2011-3268)

 - The bundled version of Apache contains multiple    vulnerabilities. (CVE-2010-1452, CVE-2010-1623,    CVE-2010-2068,  CVE-2010-2791, CVE-2011-0419,    CVE-2011-1928, CVE-2011-3192, CVE-2011-3348,    CVE-2011-3368, CVE-2011-3639)

 - OpenSSL libraries are contained in several of the    bundled components and contain multiple vulnerabilities.
   (CVE-2011-0014, CVE-2011-1468, CVE-2011-1945,    CVE-2011-3207,CVE-2011-3210)

 - Curl libraries are contained in several of the bundled    components and contain multiple vulnerabilities.
   (CVE-2009-0037, CVE-2010-0734, CVE-2011-2192)

CVE-2011-3846

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

critical