Solved

HP system manager/ Server hardware

Posted on 2011-03-03
1
379 Views
Last Modified: 2012-08-13
According to the web server's banner, the version of HP System Management Homepage (SMH) running on the remote host is earlier than 6.2. Such versions are reportedly affected by the following
vulnerabilities :
- Session renegotiations are not handled properly, which could be exploited to insert arbitrary plaintext in a man-in-the-middle attack. (CVE-2009-3555)
- An attacker may be able to upload files using a POST request with 'multipart/form-data' content even if the target script doesn't actually support file uploads per se. (CVE-2009-4017)
- PHP's 'proc_open' function can be abused to bypass 'safe_mode_allowed_env_vars' and
'safe_mode_protected_env_vars' directives. (CVE-2009-4018)
- PHP does not properly protect session data as relates to interrupt corruption of '$_SESSION' and the 'session.save_path' directive. (CVE-2009-4143)
- The application allows arbitrary URL redirections. (CVE-2010-1586 and CVE-2010-3283)

- An information disclosure vulnerability exists in Apache's mod_proxy_ajp, mod_reqtimeout, and mod_proxy_http relating to timeout conditions. Note that this issue only affects SMH on Windows.
(CVE-2010-2068)

please suggest something
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 55

Accepted Solution

by:
andyalder earned 500 total points
ID: 35029816
I suggest you ignore it unless you think your local LAN has users on it that are experienced hackers.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question