HP System Management Homepage Single Sign On Parameter Handling RCE

Critical Nessus Plugin ID 85766


The remote web server is affected by a remote code execution vulnerability.


The HP System Management Homepage (SMH) application running on the remote web server potentially contains an overflow condition in the Single Sign On (SSO) functionality due to improper validation of user-supplied input when handling overly long parameters. A remote attacker could exploit this to cause a stack-based buffer overflow, resulting in a denial of service or the execution of arbitrary code.

Note that this plugin attempts to crash the HPSMHD process, but the process can be restarted by a parent process.


Upgrade to HP System Management Homepage (SMH) 7.4.1 or later.

See Also



Plugin Details

Severity: Critical

ID: 85766

File Name: hpsmh_zdi-15-262.nbin

Version: $Revision: 1.23 $

Type: remote

Family: Web Servers

Published: 2015/09/03

Modified: 2018/01/29

Dependencies: 11936, 10746

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:system_management_homepage

Required KB Items: www/hp_smh, Settings/ParanoidReport

Patch Publication Date: 2015/02/05

Vulnerability Publication Date: 2015/06/26

Reference Information

CVE: CVE-2015-2133

BID: 75434

OSVDB: 123749, 125014

HP: HPSBMU03375, emr_na-c04743386, SSRT101710