HP System Management Homepage (SMH) 'RedirectUrl' URI Redirection Vulnerability Network Vulnerability

Summary

This host is running HP System Management Homepage (SMH) and is prone to URL redirection vulnerability.

Impact

Successful exploitation will allow remote attackers to redirect to his choice of malicious site via the trusted vulnerable SMH url or aid in phishing attacks. Impact Level: Application

Solution

Upgrade HP System Management Homepage version to 6.2 or later For updates refer to http://www.hp.com/servers/manage/smh

Insight

Input data passed to the 'RedirectUrl' parameter in 'red2301.html' is not being properly validated.

Affected

HP System Management Homepage (SMH) version 2.x.

References

http://xforce.iss.net/xforce/xfdb/58107
http://yehg.net/lab/pr0js/advisories/hp_system_management_homepage_url_redirection_abuse
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=SysMgmtWeb

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1586

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

An Image Gallery Directory Traversal Vulnerability
Apache Tomcat TroubleShooter Servlet Installed
Apache Archiva Home Page Cross-Site Scripting vulnerability
Apache Tomcat Directory Listing and File disclosure
Apache Open For Business HTML injection vulnerability

Take action and discover your vulnerabilities