HP System Management Homepage < 22.214.171.124 Multiple Flaws
Medium Nessus Plugin ID 38832
SynopsisThe remote web server is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version number, the HP System Management Homepage install on the remote host is earlier than 126.96.36.199. Such versions are reportedly affected by multiple flaws :
- A weakness in PHP could be exploited to perform cross- site scripting attacks, provided PHP directive 'display errors' is enabled. (CVE-2008-5814)
- A vulnerability in OpenSSL versions prior to 0.9.8i could be exploited to bypass the validation of the certificate chain. (CVE-2008-5077)
- Windows and Linux versions of SMH are affected by a cross-site scripting vulnerability. (CVE-2009-1418)
SolutionUpgrade to HP System Management Homepage 188.8.131.52 or later.