 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.804858 |
| Categoría: | Web application abuses |
| Título: | HP System Management Homepage Multiple Vulnerabilities - Oct14 |
| Resumen: | This host is running HP System Management; Homepage (SMH) and is prone to multiple vulnerabilities. |
| Descripción: | Summary: This host is running HP System Management Homepage (SMH) and is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are exists due to: - An error as HTTP requests to certain scripts do not require multiple steps, explicit confirmation, or a unique token when performing sensitive actions. - An error as application does not validate user-supplied input. - An unspecified error. Vulnerability Impact: Successful exploitation will allow remote attackers to perform clickjacking attacks, perform a Cross-Site Request Forgery attack or execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: HP System Management Homepage (SMH) before version 7.4 Solution: Upgrade to HP System Management Homepage (SMH) 7.4 or later. CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P |
| Referencia Cruzada: |
BugTraq ID: 70208 Common Vulnerability Exposure (CVE) ID: CVE-2014-2640 CERT/CC vulnerability note: VU#125228 http://www.kb.cert.org/vuls/id/125228 HPdes Security Advisory: HPSBMU03112 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04463322 HPdes Security Advisory: SSRT101438 HPdes Security Advisory: SSRT101633 http://www.securitytracker.com/id/1030960 Common Vulnerability Exposure (CVE) ID: CVE-2014-2641 Common Vulnerability Exposure (CVE) ID: CVE-2014-2642 HPdes Security Advisory: SSRT101701 |
| Copyright | Copyright (C) 2014 Greenbone Networks GmbH |
| Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |