This script is Copyright (C) 2016 Tenable Network Security, Inc.
An application running on the remote web server is affected by a
denial of service vulnerability.
The version of HP System Management Homepage (SMH) hosted on the
remote web server is prior to 184.108.40.206. It is, therefore, affected by a
flaw in the AddCertsToTrustCfgList() function in the
mod_smh_config.so file due to improper extraction of the common name
in the subject when processing X.509 certificates. An unauthenticated,
remote attacker can exploit this issue, via a crafted certificate, to
cause a denial of service condition. Note that to exploit this
vulnerability, the 'Trust Mode' setting must be set to
'Trust All', the 'IP Restricted login' setting must allow the attacker
to access SMH, and the 'Kerberos Authorization' (Windows only) setting
must be disabled.
Solution :
Upgrade to HP System Management Homepage (SMH) version 220.127.116.11 or
Risk factor :
Low / CVSS Base Score : 2.6
CVSS Temporal Score : 2.1
Public Exploit Available : true