HP System Management Homepage < 3.0.1.73 Multiple Flaws

medium Nessus Plugin ID 38832

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the HP System Management Homepage install on the remote host is earlier than 3.0.1.73. Such versions are reportedly affected by multiple flaws :

- A weakness in PHP could be exploited to perform cross- site scripting attacks, provided PHP directive 'display errors' is enabled. (CVE-2008-5814)

- A vulnerability in OpenSSL versions prior to 0.9.8i could be exploited to bypass the validation of the certificate chain. (CVE-2008-5077)

- Windows and Linux versions of SMH are affected by a cross-site scripting vulnerability. (CVE-2009-1418)

Solution

Upgrade to HP System Management Homepage 3.0.1.73 or later.

See Also

http://www.nessus.org/u?5252a6f9

http://www.nessus.org/u?e2a507a8

Plugin Details

Severity: Medium

ID: 38832

File Name: hpsmh_3_0_1_73.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 5/20/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:hp:system_management_homepage

Required KB Items: www/hp_smh

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/14/2009

Reference Information

CVE: CVE-2008-5077, CVE-2008-5814, CVE-2009-1418

BID: 35031

CWE: 20, 79

SECUNIA: 35108