SynopsisThe remote web server is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version number, the HP System Management Homepage install on the remote host is earlier than 184.108.40.206. Such versions are reportedly affected by multiple flaws :
- A weakness in PHP could be exploited to perform cross- site scripting attacks, provided PHP directive 'display errors' is enabled. (CVE-2008-5814)
- A vulnerability in OpenSSL versions prior to 0.9.8i could be exploited to bypass the validation of the certificate chain. (CVE-2008-5077)
- Windows and Linux versions of SMH are affected by a cross-site scripting vulnerability. (CVE-2009-1418)
SolutionUpgrade to HP System Management Homepage 220.127.116.11 or later.