Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2022 Tenable Network Security, Inc.HPSMH_7_0_0_24.NASL
HistoryApr 20, 2012 - 12:00 a.m.

HP System Management Homepage < 7.0 Multiple Vulnerabilities

2012-04-2000:00:00
This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.
www.tenable.com
105
JSON

According to the web server’s banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 7.0. As such, it is reportedly affected by the following vulnerabilities :

  • An error exists in the ‘generate-id’ function in the bundled libxslt library that can allow disclosure of heap memory addresses. (CVE-2011-0195)

  • An unspecified input validation error exists and can allow cross-site request forgery attacks. (CVE-2011-3846)

  • Unspecified errors can allow attackers to carry out denial of service attacks via unspecified vectors.
    (CVE-2012-0135, CVE-2012-1993)

  • The bundled version of PHP contains multiple vulnerabilities. (CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3267, CVE-2011-3268)

  • The bundled version of Apache contains multiple vulnerabilities. (CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2011-0419, CVE-2011-1928, CVE-2011-3192, CVE-2011-3348, CVE-2011-3368, CVE-2011-3639)

  • OpenSSL libraries are contained in several of the bundled components and contain multiple vulnerabilities.
    (CVE-2011-0014, CVE-2011-1468, CVE-2011-1945, CVE-2011-3207,CVE-2011-3210)

  • Curl libraries are contained in several of the bundled components and contain multiple vulnerabilities.
    (CVE-2009-0037, CVE-2010-0734, CVE-2011-2192)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(58811);
  script_version("1.27");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2009-0037",
    "CVE-2010-0734",
    "CVE-2010-1452",
    "CVE-2010-1623",
    "CVE-2010-2068",
    "CVE-2010-2791",
    "CVE-2010-3436",
    "CVE-2010-4409",
    "CVE-2010-4645",
    "CVE-2011-0014",
    "CVE-2011-0195",
    "CVE-2011-0419",
    "CVE-2011-1148",
    "CVE-2011-1153",
    "CVE-2011-1464",
    "CVE-2011-1467",
    "CVE-2011-1468",
    "CVE-2011-1470",
    "CVE-2011-1471",
    "CVE-2011-1928",
    "CVE-2011-1938",
    "CVE-2011-1945",
    "CVE-2011-2192",
    "CVE-2011-2202",
    "CVE-2011-2483",
    "CVE-2011-3182",
    "CVE-2011-3189",
    "CVE-2011-3192",
    "CVE-2011-3207",
    "CVE-2011-3210",
    "CVE-2011-3267",
    "CVE-2011-3268",
    "CVE-2011-3348",
    "CVE-2011-3368",
    "CVE-2011-3639",
    "CVE-2011-3846",
    "CVE-2012-0135",
    "CVE-2012-1993"
  );
  script_bugtraq_id(
    33962,
    38162,
    40827,
    41963,
    42102,
    43673,
    44723,
    45119,
    45668,
    46264,
    46843,
    46854,
    46968,
    46969,
    46975,
    46977,
    47668,
    47820,
    47888,
    47929,
    47950,
    48259,
    48434,
    49241,
    49249,
    49303,
    49376,
    49469,
    49471,
    49616,
    49957,
    52974,
    53121
  );

  script_name(english:"HP System Management Homepage < 7.0 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to the web server's banner, the version of HP System
Management Homepage (SMH) hosted on the remote host is earlier than
7.0.  As such, it is reportedly affected by the following
vulnerabilities :

 - An error exists in the 'generate-id' function in the
   bundled libxslt library that can allow disclosure of
   heap memory addresses. (CVE-2011-0195)

 - An unspecified input validation error exists and can
   allow cross-site request forgery attacks. (CVE-2011-3846)

 - Unspecified errors can allow attackers to carry out 
   denial of service attacks via unspecified vectors.
   (CVE-2012-0135, CVE-2012-1993)

 - The bundled version of PHP contains multiple
   vulnerabilities. (CVE-2010-3436, CVE-2010-4409,
   CVE-2010-4645, CVE-2011-1148, CVE-2011-1153,
   CVE-2011-1464, CVE-2011-1467, CVE-2011-1468,
   CVE-2011-1470, CVE-2011-1471, CVE-2011-1938,
   CVE-2011-2202, CVE-2011-2483, CVE-2011-3182,
   CVE-2011-3189, CVE-2011-3267, CVE-2011-3268)

 - The bundled version of Apache contains multiple
   vulnerabilities. (CVE-2010-1452, CVE-2010-1623,
   CVE-2010-2068,  CVE-2010-2791, CVE-2011-0419,
   CVE-2011-1928, CVE-2011-3192, CVE-2011-3348,
   CVE-2011-3368, CVE-2011-3639)

 - OpenSSL libraries are contained in several of the
   bundled components and contain multiple vulnerabilities.
   (CVE-2011-0014, CVE-2011-1468, CVE-2011-1945,
   CVE-2011-3207,CVE-2011-3210)

 - Curl libraries are contained in several of the bundled
   components and contain multiple vulnerabilities.
   (CVE-2009-0037, CVE-2010-0734, CVE-2011-2192)");
  # http://web.archive.org/web/20130916143957/http://h20000.www2.hp.com:80/bizsupport/TechSupport/Document.jsp?objectID=c03280632
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?106ec533");
  script_set_attribute(attribute:"solution", value:
"Upgrade to HP System Management Homepage 7.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
  script_set_attribute(attribute:"exploithub_sku", value:"EH-14-410");
  script_cwe_id(352);

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/20");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:system_management_homepage");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.");

  script_dependencies("compaq_wbem_detect.nasl");
  script_require_keys("www/hp_smh");
  script_require_ports("Services/www", 2301, 2381);

  exit(0);
}


include("global_settings.inc");
include("audit.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");


port    = get_http_port(default:2381, embedded:TRUE);
install = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE);
dir     = install['dir'];
version = install['ver'];
prod    = get_kb_item_or_exit("www/"+port+"/hp_smh/variant");

if (version == UNKNOWN_VER) 
  exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+"/")+' is unknown.');

# nb: 'version' can have non-numeric characters in it so we'll create 
#     an alternate form and make sure that's safe for use in 'ver_compare()'.
version_alt = ereg_replace(pattern:"[_-]", replace:".", string:version);
if (!ereg(pattern:"^[0-9][0-9.]+$", string:version_alt))
  exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+"/")+' does not look valid ('+version+').');

fixed_version = '7.0.0.24';
if (ver_compare(ver:version_alt, fix:fixed_version, strict:FALSE) == -1)
{
  set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
  set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);
  if (report_verbosity > 0)
  {
    source_line = get_kb_item("www/"+port+"/hp_smh/source");

    report = '\n  Product           : ' + prod;
    if (!isnull(source_line)) 
      report += '\n  Version source    : ' + source_line;
    report += 
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fixed_version + '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);

  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, prod, port, version);
VendorProductVersionCPE
hpsystem_management_homepagecpe:/a:hp:system_management_homepage

References

Related

openvas 76
nessus 68
suse 5
fedora 9
securityvulns 7
freebsd 2
slackware 2
amazon 2
oraclelinux 3
debian 5
redhat 4
centos 3
ubuntu 2
gentoo 1
prion 3
cve 3
ubuntucve 2
osv 1
threatpost 1
openvas
openvas
Mandriva Update for php MDVSA-2011:165 (php)
2011-11-08 00:00:00
Mandriva Update for php MDVSA-2011:165 (php)
2011-11-08 00:00:00
Fedora Update for php FEDORA-2011-11464
2012-03-19 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : php (MDVSA-2011:165)
2011-11-04 00:00:00
PHP 5.3 < 5.3.7 Multiple Vulnerabilities
2011-08-22 00:00:00
Fedora 15 : maniadrive-1.2-32.fc15 / php-5.3.8-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15 (2011-11528)
2011-09-19 00:00:00
suse
suse
Security update for apache2 (important)
2011-11-09 19:08:34
apache2: Fixed several security issues (important)
2011-11-04 09:08:34
Security update for Apache2 (important)
2011-11-04 09:08:25
fedora
fedora
[SECURITY] Fedora 15 Update: maniadrive-1.2-32.fc15
2011-09-18 23:00:38
[SECURITY] Fedora 16 Update: php-5.3.8-1.fc16
2011-09-09 17:13:35
[SECURITY] Fedora 14 Update: php-5.3.8-1.fc14
2011-09-18 22:59:22
securityvulns
securityvulns
PHP multiple security vulnerabilities
2011-10-12 00:00:00
[slackware-security] php &#40;SSA:2011-237-01&#41;
2011-08-27 00:00:00
[ MDVSA-2010:153 ] apache
2010-08-19 00:00:00
freebsd
freebsd
php -- multiple vulnerabilities
2011-08-18 00:00:00
OpenSSL -- multiple vulnerabilities
2011-09-06 00:00:00
slackware
slackware
[slackware-security] php
2011-08-25 16:35:35
[slackware-security] httpd
2011-10-14 23:59:50
amazon
amazon
Important: php
2011-10-11 00:07:00
Medium: httpd
2011-10-31 18:19:00
oraclelinux
oraclelinux
php53 and php security update
2011-11-02 00:00:00
httpd security and bug fix update
2011-10-20 00:00:00
httpd security and bug fix update
2010-08-30 00:00:00
debian
debian
[BSA-060] Security Update for openssl
2011-11-14 04:20:38
[SECURITY] [DSA 2298-2] apache2 regression fix
2011-09-05 19:20:44
[SECURITY] [DSA 2298-1] apache2 security update
2011-08-29 21:16:25
redhat
redhat
(RHSA-2011:1391) Moderate: httpd security and bug fix update
2011-10-20 00:00:00
(RHSA-2011:1423) Moderate: php53 and php security update
2011-11-02 00:00:00
(RHSA-2010:0659) Moderate: httpd security and bug fix update
2010-08-30 00:00:00
centos
centos
php53 security update
2011-11-03 03:59:22
httpd, mod_ssl security update
2010-08-31 21:00:21
httpd, mod_ssl security update
2011-10-20 21:19:56
ubuntu
ubuntu
PHP Vulnerabilities
2011-10-18 00:00:00
Apache vulnerabilities
2010-11-25 00:00:00
gentoo
gentoo
Apache Portable Runtime, APR Utility Library: Denial of service
2014-05-18 00:00:00
prion
prion
Design/Logic Flaw
2011-03-20 02:00:00
Authentication flaw
2011-08-25 14:22:00
Buffer overflow
2011-08-25 18:55:00
cve
cve
CVE-2011-3189
2011-08-25 14:22:00
CVE-2011-1467
2011-03-20 02:00:00
CVE-2010-2791
2010-08-05 18:17:00
ubuntucve
ubuntucve
CVE-2011-1467
2011-03-19 00:00:00
CVE-2011-3189
2011-08-25 00:00:00
osv
osv
apache2 - denial of service
2011-09-05 00:00:00
threatpost
threatpost
Apache Releases Version 2.2.21 With New Fix For Range Header Flaw
2011-09-14 15:29:14
JSON
Related for HPSMH_7_0_0_24.NASL
openvas76nessus68suse5fedora9securityvulns7freebsd2slackware2amazon2oraclelinux3debian5redhat4centos3ubuntu2gentoo1prion3cve3ubuntucve2osv1threatpost1