Summary
This host is running HP System Management Homepage (SMH) and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary script in the user's web browser by injecting web script, and to steal cookie-based authentication credentials.
Impact Level: Application.
Solution
Upgrade to HP SMH version 6.0.0.96 (for Windows) or 6.0.0-95 (for Linux): http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02000727
Insight
The flaw is caused by an input validation error in the 'proxy/smhui/getuiinfo' script when processing the 'servercert' parameter.
Affected
HP System Management Homepage (SMH) versions prior to 6.0 on all platforms.
References
Severity
Classification
- CVE: CVE-2009-4185
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
- AdaptCMS 'init.php' Remote File Include Vulnerability
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
- Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability