HP System Management Homepage < 6.0.0.96 / 6.0.0-95 Multiple Vulnerabilities

Critical Nessus Plugin ID 46015

Synopsis

The remote web server has multiple vulnerabilities.

Description

According to its self-reported version number, the HP System Management Homepage installation on the remote host is earlier than 6.0.0.96 / 6.0.0-95. Such versions are potentially affected by the following vulnerabilities:

- A cross-site scripting (XSS) vulnerability due to a failure to sanitize UTF-7 encoded input. Browsers are only affected if encoding is set to auto-select. (CVE-2008-1468)

- An integer overflow in the libxml2 library that can result in a heap overflow. (CVE-2008-4226)

- A buffer overflow in the PHP mbstring extension. (CVE-2008-5557)

- An unspecified XSS in PHP when 'display_errors' is enabled. (CVE-2008-5814)

- Multiple denial of service vulnerabilities in OpenSSL DTLS. (CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387)

- A cross-site scripting vulnerability due to a failure to sanitize input to the 'servercert' parameter of '/proxy/smhu/getuiinfo'. (CVE-2009-4185)

- An unspecified vulnerability that could allow an attacker to access sensitive information, modify data, or cause a denial of service. (CVE-2010-1034)

Solution

Upgrade to HP System Management Homepage 6.0.0.96 (Windows) / 6.0.0-95 (Linux) or later.

See Also

http://www.nessus.org/u?857eff38

https://seclists.org/bugtraq/2010/Apr/205

https://seclists.org/bugtraq/2010/Feb/47

http://www.nessus.org/u?2eb58026

http://www.nessus.org/u?205d52bb

Plugin Details

Severity: Critical

ID: 46015

File Name: hpsmh_6_0_0_95.nasl

Version: 1.23

Type: remote

Family: Web Servers

Published: 2010/04/27

Updated: 2018/11/15

Dependencies: 10746

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:system_management_homepage

Required KB Items: www/hp_smh

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/11/09

Vulnerability Publication Date: 2008/03/21

Exploitable With

Core Impact

Reference Information

CVE: CVE-2008-1468, CVE-2008-4226, CVE-2008-5557, CVE-2008-5814, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387, CVE-2010-1034, CVE-2009-4185

BID: 28380, 32326, 32948, 35001, 35138, 35174, 35417, 38081, 39632

Secunia: 38341

CWE: 79, 119, 399