HP System Management Homepage (SMH) AddXECert Remote DoS

Low Nessus Plugin ID 90624


The remote web server is affected by a denial of service vulnerability.


The HP System Management Homepage (SMH) application running on the remote web server is affected by a denial of service vulnerability due to improper handling of the Common Name in a certificate uploaded via /proxy/AddXECert. An unauthenticated, remote attacker can exploit this, via a crafted certificate, to cause a denial of service condition.

For the exploit to work, the 'Trust Mode' setting must be configured with 'Trust All', the 'IP Restricted login' setting must allow the attacker to access SMH, and the 'Kerberos Authorization' (Windows only) setting must be disabled.

Note that this plugin attempts to upload a certificate to the remote SMH server, where it is stored in <SMH_INSTALLATION_DIR>/certs/. Nessus will attempt to delete the certificate later; if Nessus fails to do so, the user is advised to delete it manually. The uploaded certificate should appear under Settings->SMH->Security->Trusted Management Servers in the SMH web GUI, where the user can delete it.

Additionally, note that the SMH running on the remote host is reportedly affected by other vulnerabilities as well; however, Nessus has not tested for these.


Upgrade to HP System Management Homepage (SMH) version 7.5.4 or later.


Plugin Details

Severity: Low

ID: 90624

File Name: hpsmh_addcert_bad_cn.nasl

Version: 1.1

Type: remote

Family: Web Servers

Published: 2016/04/21

Modified: 2016/04/21

Dependencies: 11936, 10746

Risk Information

Risk Factor: Low


Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:hp:system_management_homepage

Required KB Items: www/hp_smh, www/compaq

Patch Publication Date: 2016/03/15

Vulnerability Publication Date: 2016/03/15

Reference Information

HP: HPSBMU03546, emr_na-c05045763