HP System Management Homepage < 7.4 Multiple Vulnerabilities

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by multiple vulnerabilities.

Description :

According to the web server's banner, the version of HP System
Management Homepage (SMH) hosted on the remote web server is affected
by the following vulnerabilities :

- A flaw exists within the included cURL that disables the
'CURLOPT_SSL_VERIFYHOST' check when the
'CURLOPT_SSL_VERIFYPEER' setting is disabled. This can
allow a remote attacker to disable SSL certificate host
name checks. (CVE-2013-4545)

- A flaw exists in the included PHP 'openssl_x509_parse'
function due to user input not being properly sanitized.
Using a specially crafted certificate, a remote attacker
can exploit this to cause a denial of service or execute
arbitrary code. (CVE-2013-6420)

- A flaw exists within the included cURL where the
verification check for the CN and SAN name fields is
skipped due to the digital signature verification being
disabled. A remote attacker can exploit this to spoof
servers or conduct a man-in-the-middle attack.
(CVE-2013-6422)

- A flaw exists in the scan function within the included
PHP 'ext/date/lib/parse_iso_intervals.c' file where
user input is not properly sanitized. This can allow a
remote attacker to cause a denial of service using a
heap-based buffer overflow. (CVE-2013-6712)

- An unspecified cross-site scripting flaw exists which
can allow a remote attacker, using a specially crafted
request, to execute arbitrary code within the
browser / server trust relationship. (CVE-2014-2640)

- An unspecified cross-site request forgery vulnerability
exists. (CVE-2014-2641)

- An unspecified vulnerability exists that can allow
a remote attacker to conduct clickjacking attacks.
(CVE-2014-2642)

See also :

http://www.nessus.org/u?0858b492
http://www.securityfocus.com/archive/1/533589/30/0/threaded

Solution :

Upgrade to HP System Management Homepage 7.4 or later.
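
A banner-based check like the one described above comes down to a numeric comparison against 7.4. The following Python is an added example, not Tenable's plugin code: it triages already-recorded Server headers, and the banner shape, host names and sample values are constructed assumptions.

```python
import re

FIXED = (7, 4)  # first fixed release named in the advisory

# Assumed banner shape: "... HP System Management Homepage/<dotted version>"
_BANNER_RE = re.compile(r"System Management Homepage/(\d+(?:\.\d+)*)", re.I)


def parse_version(banner):
    """Return the SMH version found in a Server header as a tuple of ints."""
    m = _BANNER_RE.search(banner or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def classify(banner):
    """Return 'vulnerable', 'fixed', or 'unknown' (no SMH version present)."""
    v = parse_version(banner)
    if v is None:
        return "unknown"
    # Compare numerically, component by component, so 7.10 sorts after 7.4.
    n = max(len(v), len(FIXED))
    pad = lambda t: t + (0,) * (n - len(t))
    return "vulnerable" if pad(v) < pad(FIXED) else "fixed"


# Constructed inventory: host name -> Server header recorded by an asset scan.
INVENTORY = {
    "smh-a.example": "CompaqHTTPServer/9.9 HP System Management Homepage/7.3.2.1",
    "smh-b.example": "CompaqHTTPServer/9.9 HP System Management Homepage/7.4.0.1",
    "smh-c.example": "CompaqHTTPServer/9.9 HP System Management Homepage/7.10.0.0",
    "web-d.example": "Apache",
}


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(host, status)
```

A result from this comparison is an inference from the banner only; hosts reported as 'unknown' need their installed version confirmed by other means.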

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false
