Showing results for 
Search instead for 
Do you mean 

HPSMH for HP-UX11.23 security flaw

Occasional Advisor

HPSMH for HP-UX11.23 security flaw

[ Edited ]

Hi all,


I'm running "HP System Management Homepage" (HPSMH) on one of our Integrity Servers.

The SW names "SysMgmtWeb  A.3.2.1" and the server is a 'rx1620' running HP-UX B.11.23.


Just this morning I got a security complaint from our corporate IT departement (see below).

Has someone an idea how to fix that other than switch off the whole stuff?




Vulnerability Details


Date: Fri 2 Nov 2012 03:38:54 MET

Vuln#: 1CN10815

Vulnerability: Web Server Generic XSS

ToDo: Contact the vendor for a patch or upgrade.


Tool Reference:


Counted in:


NessusOutput: Port: 2301/tcp

The request string used to detect this flaw was :




The output was :


HTTP/1.1 200 OK

Date: Fri Nov  2 04:37:00 MET 2012

Server: HPSMH

Cache-Control: no-cache

Connection: close

Content-Type: text/html; charset=iso-8859-1




<title>System Management Homepage</TITLE>

<meta http-equiv="REFRESH" CONTENT="0;URL=https://blnn721x.ww004.xxxxxxx



table.applicationMastheadSmall;table.applicationMastheadSmall td;t [...]

CVE: CVE-2002-1700, CVE-2003-1543, CVE-2005-2453, CVE-2006-1681


End of Vulnerability Details


with best regards
P.S. This thread has been moved from Survers > Integrity Servers to HP-UX > security - HP Forums Moderator
Valued Contributor Valued Contributor

Re: HPSMH for HP-UX11.23 security flaw

Hi Matthias,

I would chech the patch status of your server. Especcially the patch status of the web server(s) installed. HP comes with a webserver for the SMH. There may be other webservers, too.

Do you have password protection for your SMH? Is it accessible from a limited subnet only or from everywhere in cour company or even from outside your company?
Considering this, the problem chould be less accute. Talk with your ITdepartment.
Do they want the problem to be solved immediatedly or do they only try to rice awarenes?