Solved

HP system manager/ Server hardware

Posted on 2011-03-03
Last Modified: 2012-08-13
According to the web server's banner, the version of HP System Management Homepage (SMH) running on the remote host is earlier than 6.2. Such versions are reportedly affected by the following vulnerabilities:
- Session renegotiations are not handled properly, which could be exploited to insert arbitrary plaintext in a man-in-the-middle attack. (CVE-2009-3555)
- An attacker may be able to upload files using a POST request with 'multipart/form-data' content even if the target script doesn't actually support file uploads per se. (CVE-2009-4017)
- PHP's 'proc_open' function can be abused to bypass 'safe_mode_allowed_env_vars' and 'safe_mode_protected_env_vars' directives. (CVE-2009-4018)
- PHP does not properly protect session data as relates to interrupt corruption of '$_SESSION' and the 'session.save_path' directive. (CVE-2009-4143)
- The application allows arbitrary URL redirections. (CVE-2010-1586 and CVE-2010-3283)
- An information disclosure vulnerability exists in Apache's mod_proxy_ajp, mod_reqtimeout, and mod_proxy_http relating to timeout conditions. Note that this issue only affects SMH on Windows. (CVE-2010-2068)

Please suggest something.
Accepted Solution

by:
andyalder earned 500 total points
ID: 35029816
I suggest you ignore it unless you think your local LAN has users on it that are experienced hackers.
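
Added example, not part of the original thread and not HP or scanner vendor code: a small triage script that repeats the scanner's banner-based check across an inventory and attaches the CVEs from the finding above, adding CVE-2010-2068 only for Windows hosts as the finding states. The `Server` header shape, host names and version strings in `SAMPLE` are constructed assumptions.

```python
import re

# CVEs the scanner finding above lists for SMH earlier than 6.2.
CVES_ALL = ["CVE-2009-3555", "CVE-2009-4017", "CVE-2009-4018",
            "CVE-2009-4143", "CVE-2010-1586", "CVE-2010-3283"]
CVES_WINDOWS_ONLY = ["CVE-2010-2068"]  # finding: "only affects SMH on Windows"
FIXED = (6, 2)  # first version the finding treats as not affected

# Assumed banner shape; adjust to what your hosts actually return.
SMH_RE = re.compile(r"System Management Homepage/(\d+(?:\.\d+)*)", re.I)

def smh_version(banner):
    """Return the SMH version as a tuple of ints, or None if not an SMH banner."""
    m = SMH_RE.search(banner)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def triage(host, banner, os_family):
    """Classify one host as 'not-smh', 'ok', or 'review' with applicable CVEs."""
    ver = smh_version(banner)
    if ver is None:
        return {"host": host, "status": "not-smh", "cves": []}
    # Pad short versions so "6" and "6.2.0.12" compare on major.minor alike.
    if (ver + (0, 0))[:2] >= FIXED:
        return {"host": host, "status": "ok", "cves": []}
    cves = list(CVES_ALL)
    if os_family.lower() == "windows":
        cves += CVES_WINDOWS_ONLY
    return {"host": host, "status": "review", "cves": cves}

# Constructed inventory rows (host, Server header, OS); not real systems.
SAMPLE = [
    ("srv-a", "CompaqHTTPServer/9.9 HP System Management Homepage/6.0.0.96", "windows"),
    ("srv-b", "CompaqHTTPServer/9.9 HP System Management Homepage/3.0.2.77", "linux"),
    ("srv-c", "CompaqHTTPServer/9.9 HP System Management Homepage/6.2.0.12", "windows"),
    ("srv-d", "Apache/2.2.17", "linux"),
]

if __name__ == "__main__":
    for row in SAMPLE:
        r = triage(*row)
        print(r["host"], r["status"], ", ".join(r["cves"]))
```

Like the scanner finding, this only reflects what the banner claims; confirm the installed SMH version on the host itself before closing or escalating the item.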