Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.HP_NNMI_HPSBMU03035-RHEL.NASL
HistoryDec 08, 2014 - 12:00 a.m.

HP Network Node Manager i (NNMi) XSS (HPSBMU03035)

2014-12-0800:00:00
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
www.tenable.com
12
JSON

The version of HP Network Node Manager i (NNMi) installed on the remote host is a version that is potentially affected by an XSS vulnerability.

Note that Nessus did not check for the presence of a patch.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(79799);
  script_version("1.4");
  script_cvs_date("Date: 2018/07/12 19:01:16");

  script_cve_id("CVE-2013-6220");
  script_bugtraq_id(67314,67305);
  script_xref(name:"HP", value:"HPSBMU03035");
  script_xref(name:"HP", value:"SSRT101479");
  script_xref(name:"HP", value:"emr_na-c04273695");

  script_name(english:"HP Network Node Manager i (NNMi) XSS (HPSBMU03035)");
  script_summary(english:"Checks the version of HP Network Node Manager i.");

  script_set_attribute(attribute:"synopsis", value:"The remote host is potentially affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of HP Network Node Manager i (NNMi) installed on the
remote host is a version that is potentially affected by an XSS
vulnerability.

Note that Nessus did not check for the presence of a patch.");

  # https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04273695
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?42c03506");
  script_set_attribute(attribute:"solution", value:
"Upgrade to version 10.0 or apply the hotfix referenced in the vendor
advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/08");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:network_node_manager_i");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("hp_nnmi_installed_nix.nasl");
  script_require_keys("Settings/ParanoidReport","installed_sw/HP Network Node Manager i","Host/RedHat/release","Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

# Boiler plate RHEL
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "ppc" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

app_name = "HP Network Node Manager i";
install  = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
ver      = install["version"];
path     = install["path"   ];
port     = 0;

if (ver !~ "^9\.(00?|10|20)(\.|$)") audit(AUDIT_INST_PATH_NOT_VULN, app_name, ver, path);

# We don't check if the hotfix has been applied.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

set_kb_item(name:'www/'+port+'/XSS', value:TRUE);

if (report_verbosity > 0)
{
  report =
    '\n  Path              : ' + path +
    '\n  Installed version : ' + ver  +
    '\n  Fixed version     : 10.0' +
    '\n';
  security_warning(port:port, extra:report);
}
else security_warning(port);
VendorProductVersionCPE
hpnetwork_node_manager_icpe:/a:hp:network_node_manager_i

Related

securityvulns 2
prion 1
nessus 1
cve 1
securityvulns
securityvulns
[security bulletin] HPSBMU03035 rev.1 - HP Network Node Manager I &#40;NNMi&#41; for HP-UX, Linux, Solaris, and Windows, Remote Cross-Site Scripting &#40;XSS&#41;
2014-05-10 00:00:00
HP Network Node Manager crossite scripting
2014-05-10 00:00:00
prion
prion
Cross site scripting
2014-05-10 01:55:00
nessus
nessus
HP Network Node Manager i (NNMi) XSS (HPSBMU03035)
2014-12-08 00:00:00
cve
cve
CVE-2013-6220
2014-05-10 01:55:00
JSON
Related for HP_NNMI_HPSBMU03035-RHEL.NASL
securityvulns2prion1nessus1cve1