HP System Management Homepage < 6.0.0.96 / 6.0.0-95 Multiple Vulnerabilities

Critical Nessus Plugin ID 46015

Synopsis

The remote web server has multiple vulnerabilities.

Description

According to its self-reported version number, the HP System Management Homepage install on the remote host is earlier than 6.0.0.96 / 6.0.0-95. Such versions are potentially affected by the following vulnerabilities :

- A cross-site scripting (XSS) vulnerability due to a failure to sanitize UTF-7 encoded input. Browsers are only affected if encoding is set to auto-select.
(CVE-2008-1468)

- An integer overflow in the libxml2 library that can result in a heap overflow. (CVE-2008-4226)

- A buffer overflow in the PHP mbstring extension.
(CVE-2008-5557)

- An unspecified XSS in PHP when 'display_errors' is enabled. (CVE-2008-5814)

- Multiple denial of service vulnerabilities in OpenSSL DTLS. (CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387)

- A cross-site scripting vulnerability due to a failure to sanitize input to the 'servercert' parameter of '/proxy/smhu/getuiinfo'. (CVE-2009-4185)

- An unspecified vulnerability that could allow an attacker to access sensitive information, modify data, or cause a denial of service. (CVE-2010-1034)

Solution

Upgrade to HP System Management Homepage 6.0.0.96 (Windows) / 6.0.0-95 (Linux) or later.

HP System Management Homepage < 6.0.0.96 / 6.0.0-95 Multiple Vulnerabilities

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

Vulnerability Information

Exploitable With

Reference Information