HP System Management Homepage < 126.96.36.199 Multiple Vulnerabilities (BEAST)
High Nessus Plugin ID 69020
SynopsisThe remote web server is affected by multiple vulnerabilities.
DescriptionAccording to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is a version prior to 188.8.131.52. It is, therefore, affected by the following vulnerabilities :
- The utility 'apachectl' can receive a zero-length directory name in the LD_LIBRARY_PATH via the 'envvars' file. A local attacker with access to that utility could exploit this to load a malicious Dynamic Shared Object (DSO), leading to arbitrary code execution.
- Numerous, unspecified errors could allow remote denial of service attacks. (CVE-2012-2110, CVE-2012-2329, CVE-2012-2336, CVE-2013-2357, CVE-2013-2358, CVE-2013-2359, CVE-2013-2360)
- The fix for CVE-2012-1823 does not completely correct the CGI query parameter vulnerability. Disclosure of PHP source code and code execution are still possible.
Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. Apache with 'mod_php' is not an exploitable configuration.
- Unspecified errors exist that could allow unauthorized access. (CVE-2012-5217, CVE-2013-2355)
- Unspecified errors exist that could allow disclosure of sensitive information. (CVE-2013-2356, CVE-2013-2363)
- An unspecified error exists that could allow cross-site scripting attacks. (CVE-2013-2361)
- Unspecified errors exist that could allow a local attacker to cause denial of service conditions.
- An as-yet unspecified vulnerability exists that could cause a denial of service condition. (CVE-2013-4821)
SolutionUpgrade to HP System Management Homepage 184.108.40.206 or later.