Summary
This host is running HP System Management Homepage (SMH) and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow attackers to steal cookie-based authentication credentials and execute arbitrary script in the user's web browser by injecting web script or HTML via remote vectors.
Solution
Upgrade to version 3.0.1.73 or later:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01745065
Insight
The HP System Management Homepage application fails to validate user-supplied input.
Affected
HP System Management Homepage versions prior to 3.0.1.73 on all platforms.
References
Severity
Classification
- CVE: CVE-2009-1418
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Tomcat Multiple Vulnerabilities June-09
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability