This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.
The remote web server is affected by multiple vulnerabilities.
According to the web server's banner, the version of HP System
Management Homepage (SMH) hosted on the remote web server is affected
by the following vulnerabilities :
- A flaw exists within the included cURL that disables the
'CURLOPT_SSLVERIFYHOST' check when the setting on
'CURLOPT_SSL_VERIFYPEER' is disabled. This can allow a
remote attacker to disable SSL certificate host name
- A flaw exists in the included PHP 'openssl_x509_parse'
function due to user input not being properly sanitized.
Using a specially crafted certificate, a remote attacker
can exploit this to cause a denial of service or execute
arbitrary code. (CVE-2013-6420)
- A flaw exists within the included cURL where the
verification check for the CN and SAN name fields is
skipped due to the digital signature verification being
disabled. A remote attacker can exploit this to spoof
servers or conduct a man-in-the-middle attack.
- A flaw exists in the scan function within the included
PHP 'ext/date/lib/parse_iso_intervals.c' script where
user input is not properly sanitized. This can allow a
remote attacker to cause a denial of service using a
heap-based buffer overflow. (CVE-2013-6712)
- An unspecified cross-site scripting flaw exists which
can allow a remote attacker, using a specially crafted
request, to execute arbitrary code within the
browser / server trust relationship. (CVE-2014-2640)
- An unspecified cross-site request forgery vulnerability
- An unspecified vulnerability exists that can allow
a remote attacker to conduct clickjacking attacks.
See also :
Upgrade to HP System Management Homepage 7.4 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false
Family: Web Servers
Nessus Plugin ID: 78090 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now