HP System Management Homepage (SMH) AddXECert Remote DoS
Low Nessus Plugin ID 90624
SynopsisThe remote web server is affected by a denial of service vulnerability.
DescriptionThe HP System Management Homepage (SMH) application running on the remote web server is affected by a denial of service vulnerability due to improper handling of the Common Name in a certificate uploaded via /proxy/AddXECert. An unauthenticated, remote attacker can exploit this, via a crafted certificate, to cause a denial of service condition.
For the exploit to work, the 'Trust Mode' setting must be configured with 'Trust All', the 'IP Restricted login' setting must allow the attacker to access SMH, and the 'Kerberos Authorization' (Windows only) setting must be disabled.
Note that this plugin attempts to upload a certificate to the remote SMH server, and the certificate is stored in <SMH_INSTALLATION_DIR>/certs/. Nessus will attempt to delete the certificate later. The user is advised to delete the certificate if Nessus fails to do so. The uploaded certificate should appear under Settings->SMH->Security->Trusted Management Servers in the SMH web GUI, which the user can use to delete the certificate.
Additionally, note that the SMH running on the remote host is reportedly affected by other vulnerabilities as well; however, Nessus has not tested for these.
SolutionUpgrade to HP System Management Homepage (SMH) version 7.5.4 or later.