HP System Management Homepage < 3.0.1.73 Multiple Flaws
Medium Nessus Plugin ID 38832
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
According to its self-reported version number, the HP System Management Homepage install on the remote host is earlier than 3.0.1.73. Such versions are reportedly affected by multiple flaws :
- A weakness in PHP could be exploited to perform cross- site scripting attacks, provided PHP directive 'display errors' is enabled. (CVE-2008-5814)
- A vulnerability in OpenSSL versions prior to 0.9.8i could be exploited to bypass the validation of the certificate chain. (CVE-2008-5077)
- Windows and Linux versions of SMH are affected by a cross-site scripting vulnerability. (CVE-2009-1418)
Solution
Upgrade to HP System Management Homepage 3.0.1.73 or later.