HP system manager/ Server hardware

Posted on 2011-03-03
Last Modified: 2012-08-13
According to the web server's banner, the version of HP System Management Homepage (SMH) running on the remote host is earlier than 6.2. Such versions are reportedly affected by the following vulnerabilities:

- Session renegotiations are not handled properly, which could be exploited to insert arbitrary plaintext in a man-in-the-middle attack. (CVE-2009-3555)
- An attacker may be able to upload files using a POST request with 'multipart/form-data' content even if the target script doesn't actually support file uploads per se. (CVE-2009-4017)
- PHP's 'proc_open' function can be abused to bypass 'safe_mode_allowed_env_vars' and 'safe_mode_protected_env_vars' directives. (CVE-2009-4018)
- PHP does not properly protect session data as relates to interrupt corruption of '$_SESSION' and the 'session.save_path' directive. (CVE-2009-4143)
- The application allows arbitrary URL redirections. (CVE-2010-1586 and CVE-2010-3283)
- An information disclosure vulnerability exists in Apache's mod_proxy_ajp, mod_reqtimeout, and mod_proxy_http relating to timeout conditions. Note that this issue only affects SMH on Windows. (CVE-2010-2068)

Please suggest something.
1 Comment
 
Accepted Solution

by:
andyalder earned 2000 total points
ID: 35029816
I suggest you ignore it unless you think your local LAN has users on it that are experienced hackers.
Question has a verified solution.
