HP System Management Homepage (SMH) AddXECert Remote DoS

low Nessus Plugin ID 90624

Synopsis

The remote web server is affected by a denial of service vulnerability.

Description

The HP System Management Homepage (SMH) application running on the remote web server is affected by a denial of service vulnerability due to improper handling of the Common Name in a certificate uploaded via /proxy/AddXECert. An unauthenticated, remote attacker can exploit this, via a crafted certificate, to cause a denial of service condition.

For the exploit to work, the 'Trust Mode' setting must be configured with 'Trust All', the 'IP Restricted login' setting must allow the attacker to access SMH, and the 'Kerberos Authorization' (Windows only) setting must be disabled.

Note that this plugin attempts to upload a certificate to the remote SMH server, and the certificate is stored in <SMH_INSTALLATION_DIR>/certs/. Nessus will attempt to delete the certificate later. The user is advised to delete the certificate if Nessus fails to do so. The uploaded certificate should appear under Settings->SMH->Security->Trusted Management Servers in the SMH web GUI, which the user can use to delete the certificate.

Additionally, note that the SMH running on the remote host is reportedly affected by other vulnerabilities as well; however, Nessus has not tested for these.

Solution

Upgrade to HP System Management Homepage (SMH) version 7.5.4 or later.

See Also

http://www.nessus.org/u?d91095a9

Plugin Details

Severity: Low

ID: 90624

File Name: hpsmh_addcert_bad_cn.nasl

Version: 1.3

Type: remote

Family: Web Servers

Published: 4/21/2016

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:hp:system_management_homepage

Required KB Items: www/hp_smh, www/compaq

Patch Publication Date: 3/15/2016

Vulnerability Publication Date: 3/15/2016

Reference Information

HP: HPSBMU03546, emr_na-c05045763