Summary
This host is running HP SiteScope and is prone to cross-site scripting and session fixation vulnerabilities.
Impact
Successful exploitation could allow execution of scripts or actions written by an attacker. In addition, an attacker may conduct session fixation attacks to hijack the target user's session.
Impact Level: Application
Solution
Apply the patch from the link below.
For updates, refer to http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969
*****
NOTE: Ignore this warning if the above-mentioned patch has already been applied.
*****
Insight
Multiple flaws are due to:
- Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
- An error in the handling of sessions can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link.
Affected
HP SiteScope version 9.x, 10.x, and 11.x
References
Severity
Classification
CVE: CVE-2011-2400, CVE-2011-2401
CVSS Base Score: 8.3
AV:N/AC:M/Au:N/C:C/I:P/A:P