HP System Management Homepage Cross-Site Request Forgery Vulnerability Network Vulnerability

Summary

This host is running HP System Management Homepage (SMH) and is prone to cross-site request forgery vulnerability.

Impact

Successful exploitation will allow attackers to perform certain unspecified actions when a logged-in user visits a specially crafted web page. Impact Level: Application

Solution

Upgrade to HP System Management Homepage (SMH) 7.3 or later, http://h18013.www1.hp.com/products/servers/management/agents/index.html

Insight

The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests.

Affected

HP System Management Homepage (SMH) version 7.1 through 7.2.2

Detection

Get the installed version of HP SMH with the help of detect NVT and check it is vulnerable or not.

References

http://seclists.org/bugtraq/2014/Mar/61
http://secunia.com/advisories/57365
http://www.osvdb.org/104376

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6188

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat TroubleShooter Servlet Installed
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
Apache ActiveMQ Source Code Information Disclosure Vulnerability
Apache Tomcat Information Disclosure Vulnerability
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities