U-201: HP System Management Homepage Bugs Let Remote Users Deny Service

June 28, 2012 - 7:00am

PROBLEM:

A vulnerability was reported in HP System Management Homepage.

PLATFORM:

Version(s): prior to 7.1.1

ABSTRACT:

The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code.

Reference links:

Original Advisory
Security Tracker ID 1027209
CVE-2012-2012, CVE-2012-2013, CVE-2012-2014, CVE-2012-2015, CVE-2012-2016

IMPACT ASSESSMENT:

Medium

Discussion:

A vulnerability was reported in HP System Management Homepage. A remote authenticated user can gain elevated privileges. A remote authenticated user can obtain information. A remote user can cause denial of service conditions. A local user can obtain and modify information.

A local user can exploit the AUTOCOMPLETE feature to obtain and modify information [CVE-2012-2012].
A remote user can cause denial of service conditions [CVE-2012-2013].
A remote authenticated user can exploit an input validation flaw with unspecified impact [CVE-2012-2014].
A remote authenticated user can gain elevated privileges [CVE-2012-2015].
A remote authenticated user can obtain information [CVE-2012-2016].

Impact:

Denial of service via network, disclosure of system information, disclosure of user information, execution of arbitrary code via network, modification of user information, user access via network

Solution:

The vendor has issued a fix (7.1.1).
