HP System Management Homepage < Multiple Vulnerabilities (BEAST)

High Nessus Plugin ID 69020


The remote web server is affected by multiple vulnerabilities.


According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is a version prior to It is, therefore, affected by the following vulnerabilities :

- An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API. (CVE-2011-3389)

- The utility 'apachectl' can receive a zero-length directory name in the LD_LIBRARY_PATH via the 'envvars' file. A local attacker with access to that utility could exploit this to load a malicious Dynamic Shared Object (DSO), leading to arbitrary code execution.

- Numerous, unspecified errors could allow remote denial of service attacks. (CVE-2012-2110, CVE-2012-2329, CVE-2012-2336, CVE-2013-2357, CVE-2013-2358, CVE-2013-2359, CVE-2013-2360)

- The fix for CVE-2012-1823 does not completely correct the CGI query parameter vulnerability. Disclosure of PHP source code and code execution are still possible.
Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. Apache with 'mod_php' is not an exploitable configuration.
(CVE-2012-2311, CVE-2012-2335)

- Unspecified errors exist that could allow unauthorized access. (CVE-2012-5217, CVE-2013-2355)

- Unspecified errors exist that could allow disclosure of sensitive information. (CVE-2013-2356, CVE-2013-2363)

- An unspecified error exists that could allow cross-site scripting attacks. (CVE-2013-2361)

- Unspecified errors exist that could allow a local attacker to cause denial of service conditions.
(CVE-2013-2362, CVE-2013-2364)

- An as-yet unspecified vulnerability exists that could cause a denial of service condition. (CVE-2013-4821)


Upgrade to HP System Management Homepage or later.

See Also






Plugin Details

Severity: High

ID: 69020

File Name: hpsmh_7_2_1_0.nasl

Version: $Revision: 1.12 $

Type: remote

Family: Web Servers

Published: 2013/07/23

Modified: 2016/12/21

Dependencies: 10746

Risk Information

Risk Factor: High


Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:system_management_homepage

Required KB Items: www/hp_smh

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/05/21

Vulnerability Publication Date: 2011/08/31

Exploitable With

Core Impact

Metasploit (PHP apache_request_headers Function Buffer Overflow)

Reference Information

CVE: CVE-2011-3389, CVE-2012-0883, CVE-2012-2110, CVE-2012-2311, CVE-2012-2329, CVE-2012-2335, CVE-2012-2336, CVE-2012-5217, CVE-2013-2355, CVE-2013-2356, CVE-2013-2357, CVE-2013-2358, CVE-2013-2359, CVE-2013-2360, CVE-2013-2361, CVE-2013-2362, CVE-2013-2363, CVE-2013-2364, CVE-2013-4821

BID: 49778, 53046, 53158, 53388, 53455, 61332, 61333, 61335, 61336, 61337, 61338, 61339, 61340, 61341, 61342, 61343, 62622

OSVDB: 74829, 81223, 81359, 81633, 82213, 82215, 95481, 95482, 95483, 95484, 95485, 95486, 95487, 95488, 95489, 95490, 95491, 97547

CERT: 895524

HP: HPSBMU02900, SSRT100740, SSRT101209, SSRT101210, SSRT100992, SSRT100992, SSRT100992, SSRT100992, SSRT101137, SSRT100696, SSRT100835, SSRT100907, SSRT100907, SSRT100907, SSRT100907, SSRT101007, SSRT101076, SSRT101150, SSRT101151, SSRT101254, emr_na-c03839862

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990