11-03-2012 08:41 AM - last edited on 11-04-2012 07:13 PM by Maiko-I
HPSMH for HP-UX11.23 security flaw
Hi all,
I'm running "HP System Management Homepage" (HPSMH) on one of our Integrity Servers.
The SW is named "SysMgmtWeb A.3.2.1" and the server is an 'rx1620' running HP-UX B.11.23.
Just this morning I got a security complaint from our corporate IT department (see below).
Does anyone have an idea how to fix that other than switching off the whole thing?
***********************************************
Vulnerability Details
Date: Fri 2 Nov 2012 03:38:54 MET
Vuln#: 1CN10815
Vulnerability: Web Server Generic XSS
ToDo: Contact the vendor for a patch or upgrade.
CertRef:
Tool Reference:
http://www.nessus.org/plugins/index.php?view=single&id=10815
Comment:
Counted in:
Monitor:
NessusOutput: Port: 2301/tcp
The request string used to detect this flaw was :
/cgi-bin/?<script>cross_site_scripting.nasl</script>
The output was :
HTTP/1.1 200 OK
Date: Fri Nov 2 04:37:00 MET 2012
Server: HPSMH
Cache-Control: no-cache
Connection: close
Content-Type: text/html; charset=iso-8859-1
<META HTTP-EQUIV="Expires" CONTENT="0">
<title>System Management Homepage</TITLE>
<meta http-equiv="REFRESH" CONTENT="0;URL=https://blnn721x.ww004.xxxxxxx
.net:2381/cgi-bin/?<script>cross_site_scripting.nasl</script>">
<style>
table.applicationMastheadSmall;table.applicationMastheadSmall td;t [...]
CVE: CVE-2002-1700, CVE-2003-1543, CVE-2005-2453, CVE-2006-1681
End of Vulnerability Details
***********************************************
- Tags:
- SMH
11-08-2012 01:04 AM
Re: HPSMH for HP-UX11.23 security flaw
I would check the patch status of your server. Especially the patch status of the web server(s) installed. HP comes with a webserver for the SMH. There may be other webservers, too.
Do you have password protection for your SMH? Is it accessible from a limited subnet only or from everywhere in your company or even from outside your company?
Considering this, the problem could be less acute. Talk with your IT department.
Do they want the problem to be solved immediately or do they only try to raise awareness?
Bye
Ralf
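A re-test helper for the scanner finding quoted in the first post, added here as an example and not part of the original thread or of any HP or Nessus tooling: it classifies a saved response body by whether the probe string is echoed raw, echoed encoded, or not echoed, and whether the echo sits inside the meta refresh URL. The function name, the host `smh.example.net` and both sample responses are constructed for illustration; the "after" sample is an assumption about what an encoded redirect looks like, not captured output from a patched SMH.

```python
import html
import re
from urllib.parse import quote

# Probe string taken from the Nessus output quoted in the first post.
PROBE = "<script>cross_site_scripting.nasl</script>"

# Captures the content attribute of a <meta http-equiv="refresh"> tag.
META_REFRESH = re.compile(
    r'<meta\s+http-equiv\s*=\s*["\']?refresh["\']?\s+content\s*=\s*"([^"]*)"',
    re.IGNORECASE,
)

def classify_reflection(body, probe=PROBE):
    """Return (status, context) describing how `probe` appears in `body`.

    status:  "raw"      probe echoed unchanged (what the scanner flagged)
             "encoded"  probe echoed HTML-escaped or percent-encoded
             "absent"   probe not echoed at all
    context: "meta-refresh", "body", or None when status is "absent"
    """
    refresh_urls = META_REFRESH.findall(body)

    def locate(needle):
        low = needle.lower()  # servers may emit %3c or %3C
        if any(low in url.lower() for url in refresh_urls):
            return "meta-refresh"
        return "body" if low in body.lower() else None

    where = locate(probe)
    if where:
        return ("raw", where)
    for form in (html.escape(probe), quote(probe, safe="")):
        where = locate(form)
        if where:
            return ("encoded", where)
    return ("absent", None)

# Constructed sample modelled on the response shown in the scan report.
BEFORE = ('<title>System Management Homepage</TITLE>\n'
          '<meta http-equiv="REFRESH" CONTENT="0;URL=https://smh.example.net'
          ':2381/cgi-bin/?' + PROBE + '">\n')
# Constructed sample: same redirect with the query percent-encoded.
AFTER = BEFORE.replace(PROBE, quote(PROBE, safe=""))

if __name__ == "__main__":
    print("before:", classify_reflection(BEFORE))
    print("after: ", classify_reflection(AFTER))
```

Feed it the body saved from a repeat of the scanner's request after patching; a result other than `"raw"` means the probe is no longer echoed unchanged.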