Solved

HP system manager/ Server hardware

Posted on 2011-03-03
1
375 Views
Last Modified: 2012-08-13
According to the web server's banner, the version of HP System Management Homepage (SMH) running on the remote host is earlier than 6.2. Such versions are reportedly affected by the following
vulnerabilities :
- Session renegotiations are not handled properly, which could be exploited to insert arbitrary plaintext in a man-in-the-middle attack. (CVE-2009-3555)
- An attacker may be able to upload files using a POST request with 'multipart/form-data' content even if the target script doesn't actually support file uploads per se. (CVE-2009-4017)
- PHP's 'proc_open' function can be abused to bypass 'safe_mode_allowed_env_vars' and
'safe_mode_protected_env_vars' directives. (CVE-2009-4018)
- PHP does not properly protect session data as relates to interrupt corruption of '$_SESSION' and the 'session.save_path' directive. (CVE-2009-4143)
- The application allows arbitrary URL redirections. (CVE-2010-1586 and CVE-2010-3283)

- An information disclosure vulnerability exists in Apache's mod_proxy_ajp, mod_reqtimeout, and mod_proxy_http relating to timeout conditions. Note that this issue only affects SMH on Windows.
(CVE-2010-2068)

please suggest something
0
Comment
1 Comment
 
LVL 55

Accepted Solution

by:
andyalder earned 500 total points
ID: 35029816
I suggest you ignore it unless you think your local LAN has users on it that are experienced hackers.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
USB ports 4 26
Export a GPO and import a GPO 3 45
2012 R2 System Address Space? 2 26
Using VBScript. How to obtain the recomended paging file size? 8 51
This is about my first experience with programming Arduino.
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question