According to the web server’s banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 7.0. As such, it is reportedly affected by the following vulnerabilities :
An error exists in the ‘generate-id’ function in the bundled libxslt library that can allow disclosure of heap memory addresses. (CVE-2011-0195)
An unspecified input validation error exists and can allow cross-site request forgery attacks. (CVE-2011-3846)
Unspecified errors can allow attackers to carry out denial of service attacks via unspecified vectors.
(CVE-2012-0135, CVE-2012-1993)
The bundled version of PHP contains multiple vulnerabilities. (CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3267, CVE-2011-3268)
The bundled version of Apache contains multiple vulnerabilities. (CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2011-0419, CVE-2011-1928, CVE-2011-3192, CVE-2011-3348, CVE-2011-3368, CVE-2011-3639)
OpenSSL libraries are contained in several of the bundled components and contain multiple vulnerabilities.
(CVE-2011-0014, CVE-2011-1468, CVE-2011-1945, CVE-2011-3207,CVE-2011-3210)
Curl libraries are contained in several of the bundled components and contain multiple vulnerabilities.
(CVE-2009-0037, CVE-2010-0734, CVE-2011-2192)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(58811);
script_version("1.27");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id(
"CVE-2009-0037",
"CVE-2010-0734",
"CVE-2010-1452",
"CVE-2010-1623",
"CVE-2010-2068",
"CVE-2010-2791",
"CVE-2010-3436",
"CVE-2010-4409",
"CVE-2010-4645",
"CVE-2011-0014",
"CVE-2011-0195",
"CVE-2011-0419",
"CVE-2011-1148",
"CVE-2011-1153",
"CVE-2011-1464",
"CVE-2011-1467",
"CVE-2011-1468",
"CVE-2011-1470",
"CVE-2011-1471",
"CVE-2011-1928",
"CVE-2011-1938",
"CVE-2011-1945",
"CVE-2011-2192",
"CVE-2011-2202",
"CVE-2011-2483",
"CVE-2011-3182",
"CVE-2011-3189",
"CVE-2011-3192",
"CVE-2011-3207",
"CVE-2011-3210",
"CVE-2011-3267",
"CVE-2011-3268",
"CVE-2011-3348",
"CVE-2011-3368",
"CVE-2011-3639",
"CVE-2011-3846",
"CVE-2012-0135",
"CVE-2012-1993"
);
script_bugtraq_id(
33962,
38162,
40827,
41963,
42102,
43673,
44723,
45119,
45668,
46264,
46843,
46854,
46968,
46969,
46975,
46977,
47668,
47820,
47888,
47929,
47950,
48259,
48434,
49241,
49249,
49303,
49376,
49469,
49471,
49616,
49957,
52974,
53121
);
script_name(english:"HP System Management Homepage < 7.0 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to the web server's banner, the version of HP System
Management Homepage (SMH) hosted on the remote host is earlier than
7.0. As such, it is reportedly affected by the following
vulnerabilities :
- An error exists in the 'generate-id' function in the
bundled libxslt library that can allow disclosure of
heap memory addresses. (CVE-2011-0195)
- An unspecified input validation error exists and can
allow cross-site request forgery attacks. (CVE-2011-3846)
- Unspecified errors can allow attackers to carry out
denial of service attacks via unspecified vectors.
(CVE-2012-0135, CVE-2012-1993)
- The bundled version of PHP contains multiple
vulnerabilities. (CVE-2010-3436, CVE-2010-4409,
CVE-2010-4645, CVE-2011-1148, CVE-2011-1153,
CVE-2011-1464, CVE-2011-1467, CVE-2011-1468,
CVE-2011-1470, CVE-2011-1471, CVE-2011-1938,
CVE-2011-2202, CVE-2011-2483, CVE-2011-3182,
CVE-2011-3189, CVE-2011-3267, CVE-2011-3268)
- The bundled version of Apache contains multiple
vulnerabilities. (CVE-2010-1452, CVE-2010-1623,
CVE-2010-2068, CVE-2010-2791, CVE-2011-0419,
CVE-2011-1928, CVE-2011-3192, CVE-2011-3348,
CVE-2011-3368, CVE-2011-3639)
- OpenSSL libraries are contained in several of the
bundled components and contain multiple vulnerabilities.
(CVE-2011-0014, CVE-2011-1468, CVE-2011-1945,
CVE-2011-3207,CVE-2011-3210)
- Curl libraries are contained in several of the bundled
components and contain multiple vulnerabilities.
(CVE-2009-0037, CVE-2010-0734, CVE-2011-2192)");
# http://web.archive.org/web/20130916143957/http://h20000.www2.hp.com:80/bizsupport/TechSupport/Document.jsp?objectID=c03280632
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?106ec533");
script_set_attribute(attribute:"solution", value:
"Upgrade to HP System Management Homepage 7.0 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
script_set_attribute(attribute:"exploithub_sku", value:"EH-14-410");
script_cwe_id(352);
script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/16");
script_set_attribute(attribute:"patch_publication_date", value:"2012/04/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/20");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:system_management_homepage");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.");
script_dependencies("compaq_wbem_detect.nasl");
script_require_keys("www/hp_smh");
script_require_ports("Services/www", 2301, 2381);
exit(0);
}
include("global_settings.inc");
include("audit.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
port = get_http_port(default:2381, embedded:TRUE);
install = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE);
dir = install['dir'];
version = install['ver'];
prod = get_kb_item_or_exit("www/"+port+"/hp_smh/variant");
if (version == UNKNOWN_VER)
exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+"/")+' is unknown.');
# nb: 'version' can have non-numeric characters in it so we'll create
# an alternate form and make sure that's safe for use in 'ver_compare()'.
version_alt = ereg_replace(pattern:"[_-]", replace:".", string:version);
if (!ereg(pattern:"^[0-9][0-9.]+$", string:version_alt))
exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+"/")+' does not look valid ('+version+').');
fixed_version = '7.0.0.24';
if (ver_compare(ver:version_alt, fix:fixed_version, strict:FALSE) == -1)
{
set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);
if (report_verbosity > 0)
{
source_line = get_kb_item("www/"+port+"/hp_smh/source");
report = '\n Product : ' + prod;
if (!isnull(source_line))
report += '\n Version source : ' + source_line;
report +=
'\n Installed version : ' + version +
'\n Fixed version : ' + fixed_version + '\n';
security_hole(port:port, extra:report);
}
else security_hole(port);
exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, prod, port, version);
Vendor | Product | Version | CPE |
---|---|---|---|
hp | system_management_homepage | cpe:/a:hp:system_management_homepage |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2068
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2791
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3436
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4409
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4645
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0195
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1153
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1464
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1467
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1468
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1470
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1471
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1945
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3182
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3189
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3207
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3210
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3267
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3268
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3639
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3846
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1993
www.nessus.org/u?106ec533