CERT Coordination Center

HP System Management Homepage cross-site scripting vulnerability

Vulnerability Note VU#292457

Original Release Date: 2007-06-05 | Last Revised: 2007-06-05

Overview

The HP System Management Homepage contains a cross-site scripting vulnerability.

Description

The HP System Management Homepage (SMH) server is a web-based interface that can manage HP servers running the Microsoft Windows or Linux operating systems.

The SMH contains an unspecified cross-site scripting vulnerability.

Impact

An attacker may be able to obtain sensitive data, corrupt or steal cookies, or take any action that the SMH server can take.

Solution

Upgrade

HP has released SMH version 2.1.8-17 to address this issue.

Restrict access

Restricting network access to the SMH server using a firewall or access control lists may mitigate this vulnerability.

Vendor Information

Hewlett-Packard Company Affected

Updated:  June 05, 2007

Status

Affected

Vendor Statement

Please refer to the following HP Security Bulletin:

HPSBMA02216 SSRT071310 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)

The Security Bulletin is available from the following URLs:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01056592
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c01056592

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

Acknowledgements

Thanks to HP for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: None
Severity Metric: 0.13
Date Public: 2007-06-05
Date First Published: 2007-06-05
Date Last Updated: 2007-06-05 23:24 UTC
Document Revision: 12

Sponsored by CISA.