HP System Management Homepage < 220.127.116.11 Multiple Flaws
Medium Nessus Plugin ID 38832
SynopsisThe remote web server is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version number, the HP System Management Homepage install on the remote host is earlier than 18.104.22.168. Such versions are reportedly affected by multiple flaws :
- A weakness in PHP could be exploited to perform cross- site scripting attacks, provided PHP directive 'display errors' is enabled. (CVE-2008-5814)
- A vulnerability in OpenSSL versions prior to 0.9.8i could be exploited to bypass the validation of the certificate chain. (CVE-2008-5077)
- Windows and Linux versions of SMH are affected by a cross-site scripting vulnerability. (CVE-2009-1418)
SolutionUpgrade to HP System Management Homepage 22.214.171.124 or later.