HP System Management Homepage Multiple Vulnerabilities (HPSBMU03593)

Critical Nessus Plugin ID 91222

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

According to its banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is affected by the following vulnerabilities:

- A denial of service vulnerability exists in the Apache HTTP Server due to the lack of the mod_reqtimeout module. An unauthenticated, remote attacker can exploit this, via a saturation of partial HTTP requests, to cause a daemon outage. (CVE-2007-6750)

- A cross-site scripting (XSS) vulnerability exists in jQuery when using location.hash to select elements. An unauthenticated, remote attacker can exploit this, via a specially crafted tag, to inject arbitrary script code or HTML into the user's browser session. (CVE-2011-4969)

- A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)

- A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)

- An out-of-bounds read error exists in cURL and libcurl within the smb_request_state() function due to improper bounds checking. An unauthenticated, remote attacker can exploit this, using a malicious SMB server and crafted length and offset values, to disclose sensitive memory information or to cause a denial of service condition. (CVE-2015-3237)

- A flaw exists in libxslt in the xsltStylePreCompute() function within file preproc.c due to a failure to check if the parent node is an element. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition. (CVE-2015-7995)

- An infinite loop condition exists in the xz_decomp() function within file xzlib.c when handling xz compressed XML content due to a failure to detect compression errors. An unauthenticated, remote attacker can exploit this, via specially crafted XML data, to cause a denial of service condition. (CVE-2015-8035)

- A double-free error exists due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705)

- An out-of-bounds read error exists in the fmtstr() function within file crypto/bio/b_print.c when printing very long strings due to a failure to properly calculate string lengths. An unauthenticated, remote attacker can exploit this, via a long string, to cause a denial of service condition, as demonstrated by a large amount of ASN.1 data. (CVE-2016-0799)

- An unspecified flaw exists that allows a local attacker to impact the confidentiality and integrity of the system. No other details are available. (CVE-2016-2015)

- A flaw exists in the doapr_outch() function within file crypto/bio/b_print.c due to a failure to verify that a certain memory allocation succeeds. An unauthenticated, remote attacker can exploit this, via a long string, to cause a denial of service condition, as demonstrated by a large amount of ASN.1 data. (CVE-2016-2842)

Solution

Upgrade to HP System Management Homepage version 7.5.5 or later.

See Also

http://www.nessus.org/u?8d21af70

Plugin Details

Severity: Critical

ID: 91222

File Name: hpsmh_7_5_5.nasl

Version: 1.7

Type: remote

Family: Web Servers

Published: 2016/05/18

Updated: 2019/11/14

Dependencies: 10746, 11936

Risk Information

Risk Factor: Critical

CVSS Score Source: CVE-2016-2842

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:hp:system_management_homepage

Required KB Items: www/hp_smh

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/05/04

Vulnerability Publication Date: 2007/01/03

Reference Information

CVE: CVE-2007-6750, CVE-2011-4969, CVE-2015-3194, CVE-2015-3195, CVE-2015-3237, CVE-2015-7995, CVE-2015-8035, CVE-2016-0705, CVE-2016-0799, CVE-2016-2015, CVE-2016-2842

BID: 21865, 58458, 75387, 77325, 77390, 78623, 78626

HP: emr_na-c05111017, HPSBMU03593