HP System Management Homepage Multiple Vulnerabilities (HPSBMU03593)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by multiple vulnerabilities.

Description :

According to its banner, the version of HP System Management Homepage
(SMH) hosted on the remote web server is affected by the following
vulnerabilities :

- A denial of service vulnerability exists in the bundled
Apache HTTP Server because it is built without the
mod_reqtimeout module, which limits how long a client
may take to send its request headers and body. An
unauthenticated, remote attacker can exploit this, by
holding open many connections that send only partial
HTTP requests (a 'Slowloris' attack), to exhaust the
available worker slots and cause a daemon outage.
(CVE-2007-6750)

- A cross-site scripting (XSS) vulnerability exists in the
bundled jQuery library when location.hash is passed to
the $() function to select elements, because affected
versions treat a string containing a tag as HTML to be
parsed rather than as a selector. An unauthenticated,
remote attacker can exploit this, via a specially
crafted tag in the URL fragment, to inject arbitrary
script code or HTML into the user's browser session.
(CVE-2011-4969)

- A NULL pointer dereference flaw exists in OpenSSL in
file rsa_ameth.c due to improper handling of ASN.1
RSA-PSS signatures that are missing the PSS parameter.
A remote attacker can exploit this to cause the
signature verification routine to crash, resulting in a
denial of service condition. (CVE-2015-3194)

- A flaw exists in the ASN1_TFLG_COMBINE implementation in
OpenSSL file tasn_dec.c related to handling malformed
X509_ATTRIBUTE structures. A remote attacker can exploit
this to cause a memory leak by triggering a decoding
failure in a PKCS#7 or CMS application, resulting in a
denial of service. (CVE-2015-3195)

- An out-of-bounds read error exists in cURL and libcurl
within the smb_request_state() function due to improper
bounds checking. An unauthenticated, remote attacker
can exploit this, using a malicious SMB server and
crafted length and offset values, to disclose sensitive
memory information or to cause a denial of service
condition. (CVE-2015-3237)

- A flaw exists in libxslt in the xsltStylePreCompute()
function within file preproc.c due to a failure to check
if the parent node is an element. An unauthenticated,
remote attacker can exploit this, via a specially
crafted XML file, to cause a denial of service
condition. (CVE-2015-7995)

- An infinite loop condition exists in libxml2 in the
xz_decomp() function within file xzlib.c when handling
xz compressed XML content due to a failure to detect
compression errors. An unauthenticated, remote attacker
can exploit this, via specially crafted XML data, to
cause a denial of service condition. (CVE-2015-8035)

- A double-free error exists in OpenSSL due to improper
validation of user-supplied input when parsing malformed
DSA private keys. A remote attacker can exploit this to
corrupt memory, resulting in a denial of service
condition or the execution of arbitrary code.
(CVE-2016-0705)

- An out-of-bounds read error exists in OpenSSL in the
fmtstr() function within file crypto/bio/b_print.c when
printing very long strings due to a failure to properly
calculate string lengths. An unauthenticated, remote
attacker can exploit this, via a long string, to cause a
denial of service condition, as demonstrated by a large
amount of ASN.1 data. (CVE-2016-0799)

- An unspecified flaw exists that allows a local attacker
to impact the confidentiality and integrity of the
system. No other details are available. (CVE-2016-2015)

- A flaw exists in OpenSSL in the doapr_outch() function
within file crypto/bio/b_print.c due to a failure to
verify that a certain memory allocation succeeds. An
unauthenticated, remote attacker can exploit this, via a
long string, to cause a denial of service condition, as
demonstrated by a large amount of ASN.1 data.
(CVE-2016-2842)
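
The jQuery issue above (CVE-2011-4969) comes down to how $() decides
whether its argument is a CSS selector or an HTML string. The following
is an added example and is not code from the Nessus plugin, from HP or
from jQuery itself: QUICK_EXPR_VULNERABLE and QUICK_EXPR_FIXED are
approximations of the pre-1.6.3 and post-fix heuristic patterns (an
assumption about the exact regexes), classify() mimics the decision $()
makes, and elementIdFromHash() is a hardened consumer that accepts only a
plain element id from the fragment. The two fragments are constructed
inputs.

```javascript
// Added example, not part of the Nessus plugin or of jQuery. Models the
// selector-vs-HTML heuristic behind CVE-2011-4969: affected jQuery
// versions decided that a string passed to $() was HTML whenever it
// contained a <tag> anywhere, so $(location.hash) with a crafted fragment
// created elements instead of selecting by id. Both regexes below are an
// approximation of the real pre-fix and post-fix patterns (assumption).

// Pre-fix heuristic: the prefix before the first '<' may contain '#',
// so "#<img ...>" is classified as HTML and gets parsed.
const QUICK_EXPR_VULNERABLE = /^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/;

// Post-fix heuristic: '#' is excluded from that prefix, so a string that
// starts with '#' can only match the id branch, which rejects '<'.
const QUICK_EXPR_FIXED = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/;

// Classify an argument the way $() would: 'html', 'id' or 'selector'.
function classify(arg, quickExpr) {
  const m = quickExpr.exec(arg);
  if (m && m[1]) return 'html';
  if (m && m[2] !== undefined) return 'id';
  return 'selector';
}

// Hardened consumer: never hand the raw fragment to an API that may
// parse HTML. Accept only a plain id and return it for getElementById.
const SAFE_HASH = /^#([\w-]+)$/;
function elementIdFromHash(hash) {
  const m = SAFE_HASH.exec(hash);
  return m ? m[1] : null;
}

// Constructed inputs: a benign fragment and an attacker-controlled one.
const benignHash = '#section-2';
const maliciousHash = '#<img src=x onerror=alert(1)>';

for (const hash of [benignHash, maliciousHash]) {
  console.log(JSON.stringify(hash),
    '| vulnerable:', classify(hash, QUICK_EXPR_VULNERABLE),
    '| fixed:', classify(hash, QUICK_EXPR_FIXED),
    '| safe id:', elementIdFromHash(hash));
}
```

Upgrading jQuery closes the heuristic hole, but the consumer-side check is
the durable fix: anything taken from location.hash is attacker-controlled
and should be validated as an identifier before it reaches any API that
can parse markup.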

See also :

http://www.nessus.org/u?fea15d14

Solution :

Upgrade to HP System Management Homepage version 7.5.5 or later.
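
The plugin's own decision is a banner version check. As an added example
(not the plugin's NASL code and not from HP), the following assumes that
SMH announces itself in the HTTP Server header as
"HP System Management Homepage/<version>" (an assumption about the
banner format) and compares the version component-wise against the fixed
release 7.5.5 named above. The banners at the bottom are constructed.

```javascript
// Added example, not part of the Nessus plugin. Decides from an HTTP
// Server header whether an HP SMH build is below the fixed release 7.5.5
// from HPSBMU03593. The banner format, "HP System Management
// Homepage/<version>" inside the Server header, is an assumption.

const FIXED_VERSION = '7.5.5';
const SMH_BANNER = /HP System Management Homepage\/(\d+(?:\.\d+)*)/i;

// Extract the dotted version from a Server header, or null if absent.
function smhVersionFromBanner(serverHeader) {
  const m = SMH_BANNER.exec(serverHeader || '');
  return m ? m[1] : null;
}

// Numeric, component-wise comparison. A plain string comparison would
// rank "7.10" below "7.5"; missing components count as 0 so "7.5"
// equals "7.5.0". Returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Returns { version, affected }: affected is true when the banner names
// a version below FIXED_VERSION, false when it is at or above it, and
// null when no SMH version can be read (report as unknown, not as safe).
function assessSmhBanner(serverHeader) {
  const version = smhVersionFromBanner(serverHeader);
  if (version === null) return { version: null, affected: null };
  return { version, affected: compareVersions(version, FIXED_VERSION) < 0 };
}

// Constructed banners for illustration; the two-digit component in the
// third one exists only to exercise the numeric comparison.
const sampleBanners = [
  'CompaqHTTPServer/9.9 HP System Management Homepage/7.5.4',
  'CompaqHTTPServer/9.9 HP System Management Homepage/7.5.5',
  'CompaqHTTPServer/9.9 HP System Management Homepage/7.10',
  'Apache/2.4.18 (Unix)',
];

for (const banner of sampleBanners) {
  console.log(banner, '=>', JSON.stringify(assessSmhBanner(banner)));
}
```

A banner check is only as good as the banner: an administrator who
suppresses or rewrites the Server header will produce the "unknown"
result above, which should be followed up by an authenticated version
check rather than treated as not vulnerable.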

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false
