10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%
According to the web server’s banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 7.1.1 and is, therefore, reportedly affected by the following vulnerabilities :
The bundled version of the libxml2 library contains multiple vulnerabilities. (CVE-2011-1944, CVE-2011-2821, CVE-2011-2834)
The bundled version of PHP contains multiple vulnerabilities. (CVE-2011-3379, CVE-2011-4153, CVE-2011-4885, CVE-2012-1823, CVE-2012-0057, CVE-2012-0830)
The bundled version of the Apache HTTP Server contains multiple vulnerabilities. (CVE-2011-3607, CVE-2011-4317, CVE-2011-4415, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053)
An issue exists in the ‘include/iniset.php’ script in the embedded RoundCube Webmail version that could lead to a denial of service. (CVE-2011-4078)
The bundled version of OpenSSL contains multiple vulnerabilities. (CVE-2011-4108, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-1165)
The bundled version of curl and libcurl does not properly consider special characters during extraction of a pathname from a URL. (CVE-2012-0036)
An off autocomplete attribute does not exist for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. (CVE-2012-2012)
An unspecified vulnerability exists that could allow a remote attacker to cause a denial of service, or possibly obtain sensitive information or modify data.
(CVE-2012-2013)
An unspecified vulnerability exists related to improper input validation. (CVE-2012-2014)
An unspecified vulnerability allows remote, unauthenticated users to gain privileges and obtain sensitive information. (CVE-2012-2015)
An unspecified vulnerability allows local users to obtain sensitive information via unknown vectors.
(CVE-2012-2016)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(59851);
script_version("1.22");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id(
"CVE-2011-1944",
"CVE-2011-2821",
"CVE-2011-2834",
"CVE-2011-3379",
"CVE-2011-3607",
"CVE-2011-4078",
"CVE-2011-4108",
"CVE-2011-4153",
"CVE-2011-4317",
"CVE-2011-4415",
"CVE-2011-4576",
"CVE-2011-4577",
"CVE-2011-4619",
"CVE-2011-4885",
"CVE-2012-0021",
"CVE-2012-0027",
"CVE-2012-0031",
"CVE-2012-0036",
"CVE-2012-0053",
"CVE-2012-0057",
"CVE-2012-0830",
"CVE-2012-1165",
"CVE-2012-1823",
"CVE-2012-2012",
"CVE-2012-2013",
"CVE-2012-2014",
"CVE-2012-2015",
"CVE-2012-2016"
);
script_bugtraq_id(
48056,
49754,
50402,
50494,
50639,
50802,
51193,
51281,
51407,
51417,
51665,
51705,
51706,
51806,
51830,
52764,
53388,
54218
);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/15");
script_name(english:"HP System Management Homepage < 7.1.1 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to the web server's banner, the version of HP System
Management Homepage (SMH) hosted on the remote host is earlier than
7.1.1 and is, therefore, reportedly affected by the following
vulnerabilities :
- The bundled version of the libxml2 library contains
multiple vulnerabilities. (CVE-2011-1944, CVE-2011-2821,
CVE-2011-2834)
- The bundled version of PHP contains multiple
vulnerabilities. (CVE-2011-3379, CVE-2011-4153,
CVE-2011-4885, CVE-2012-1823, CVE-2012-0057,
CVE-2012-0830)
- The bundled version of the Apache HTTP Server contains
multiple vulnerabilities. (CVE-2011-3607, CVE-2011-4317,
CVE-2011-4415, CVE-2012-0021, CVE-2012-0031,
CVE-2012-0053)
- An issue exists in the 'include/iniset.php' script in
the embedded RoundCube Webmail version that could lead
to a denial of service. (CVE-2011-4078)
- The bundled version of OpenSSL contains multiple
vulnerabilities. (CVE-2011-4108, CVE-2011-4576,
CVE-2011-4577, CVE-2011-4619, CVE-2012-0027,
CVE-2012-1165)
- The bundled version of curl and libcurl does not
properly consider special characters during extraction
of a pathname from a URL. (CVE-2012-0036)
- An off autocomplete attribute does not exist for
unspecified form fields, which makes it easier for
remote attackers to obtain access by leveraging an
unattended workstation. (CVE-2012-2012)
- An unspecified vulnerability exists that could allow a
remote attacker to cause a denial of service, or
possibly obtain sensitive information or modify data.
(CVE-2012-2013)
- An unspecified vulnerability exists related to improper
input validation. (CVE-2012-2014)
- An unspecified vulnerability allows remote,
unauthenticated users to gain privileges and obtain
sensitive information. (CVE-2012-2015)
- An unspecified vulnerability allows local users to
obtain sensitive information via unknown vectors.
(CVE-2012-2016)");
# http://web.archive.org/web/20130927061716/http://h20000.www2.hp.com:80/bizsupport/TechSupport/Document.jsp?objectID=c03360041
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d07467b6");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/523320/30/0/threaded");
script_set_attribute(attribute:"solution", value:
"Upgrade to HP System Management Homepage 7.1.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-2012");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'PHP CGI Argument Injection');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/16");
script_set_attribute(attribute:"patch_publication_date", value:"2011/03/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/05");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:system_management_homepage");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("compaq_wbem_detect.nasl");
script_require_keys("www/hp_smh");
script_require_ports("Services/www", 2301, 2381);
exit(0);
}
include("global_settings.inc");
include("audit.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
port = get_http_port(default:2381, embedded:TRUE);
install = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE);
dir = install['dir'];
version = install['ver'];
prod = get_kb_item_or_exit("www/"+port+"/hp_smh/variant");
if (version == UNKNOWN_VER)
exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+"/")+' is unknown.');
# nb: 'version' can have non-numeric characters in it so we'll create
# an alternate form and make sure that's safe for use in 'ver_compare()'.
version_alt = ereg_replace(pattern:"[_-]", replace:".", string:version);
if (!ereg(pattern:"^[0-9][0-9.]+$", string:version_alt))
exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+"/")+' does not look valid ('+version+').');
fixed_version = '7.1.1.1';
if (ver_compare(ver:version_alt, fix:fixed_version, strict:FALSE) == -1)
{
if (report_verbosity > 0)
{
source_line = get_kb_item("www/"+port+"/hp_smh/source");
report = '\n Product : ' + prod;
if (!isnull(source_line))
report += '\n Version source : ' + source_line;
report +=
'\n Installed version : ' + version +
'\n Fixed version : ' + fixed_version + '\n';
security_hole(port:port, extra:report);
}
else security_hole(port);
exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, prod, port, version);
Vendor | Product | Version | CPE |
---|---|---|---|
hp | system_management_homepage | cpe:/a:hp:system_management_homepage |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1944
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2821
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2834
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3379
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4078
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4153
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4415
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4577
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4885
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0027
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0036
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0057
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1165
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2013
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2014
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2016
www.nessus.org/u?d07467b6
www.securityfocus.com/archive/1/523320/30/0/threaded