HP System Management Homepage (SMH) AddXECert Remote DoS

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by a denial of service
vulnerability.

Description :

The HP System Management Homepage (SMH) application running on the
remote web server is affected by a denial of service vulnerability due
to improper handling of the Common Name in a certificate uploaded via
/proxy/AddXECert. An unauthenticated, remote attacker can exploit
this, via a crafted certificate, to cause a denial of service
condition.

For the exploit to work, the 'Trust Mode' setting must be configured
with 'Trust All', the 'IP Restricted login' setting must allow the
attacker to access SMH, and the 'Kerberos Authorization' (Windows
only) setting must be disabled.

Note that this plugin attempts to upload a certificate to the remote
SMH server, and the certificate is stored in
<SMH_INSTALLATION_DIR>/certs/. Nessus will attempt to delete the
certificate later. The user is advised to delete the certificate if
Nessus fails to do so. The uploaded certificate should appear under
Settings->SMH->Security->Trusted Management Servers in the SMH web
GUI, which the user can use to delete the certificate.

Additionally, note that the SMH running on the remote host is
reportedly affected by other vulnerabilities as well; however, Nessus
has not tested for these.

See also :

http://www.nessus.org/u?4248fa41

Solution :

Upgrade to HP System Management Homepage (SMH) version 7.5.4 or later.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P)

Family: Web Servers

Nessus Plugin ID: 90624 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now