HP System Management Homepage < 3.0.1.73 Multiple Flaws

Medium Nessus Plugin ID 38832

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the HP System Management Homepage installation on the remote host is earlier than 3.0.1.73. Such versions are reportedly affected by multiple flaws:

- A weakness in PHP could be exploited to perform cross-site scripting attacks, provided the PHP directive 'display_errors' is enabled. (CVE-2008-5814)

- A vulnerability in OpenSSL versions prior to 0.9.8i could be exploited to bypass the validation of the certificate chain. (CVE-2008-5077)

- Windows and Linux versions of SMH are affected by a cross-site scripting vulnerability. (CVE-2009-1418)

Solution

Upgrade to HP System Management Homepage 3.0.1.73 or later.

See Also

http://www.nessus.org/u?5252a6f9

http://www.nessus.org/u?e2a507a8

Plugin Details

Severity: Medium

ID: 38832

File Name: hpsmh_3_0_1_73.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 2009/05/20

Updated: 2018/06/13

Dependencies: 10746, 11936

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:system_management_homepage

Required KB Items: www/hp_smh

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/05/14

Reference Information

CVE: CVE-2008-5077, CVE-2008-5814, CVE-2009-1418

BID: 35031

Secunia: 35108

CWE: 20, 79