|
[Japanese]
|
JVNDB-2007-000420
|
HP System Management Homepage cross-site scripting vulnerability
|
|
A cross-site scripting vulnerability exists in Hewlett-Packard HP System Management Homepage (SMH).
HP System Management Homepage (SMH) from Hewlett-Packard is a web-based interface that can manage HP servers. A cross-site scripting vulnerability exists in SMH.
It is also confirmed that Compaq System Management Homepage, the product previous to SMH, contains a similar cross-site scripting vulnerability.
The vendor recommends users to upgrade to SMH, as Compaq System Management Homepage is an outdated product and is no longer available. For more information, refer to the vendor's website.
|
|
CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
|
Hewlett-Packard Development Company, L.P
- HP System Management Homepage earlier than 2.1.2 (Windows and Linux versions)
|
|
|
An arbitrary script may be executed on the user's web browser.
|
|
[Update the software]
Apply the latest updates provided by the vendor.
The vendor recommends that users of Compaq System Management Homepage, the product previous to SMH, upgrade to SMH. For more information, refer to the vendor's website.
|
|
Hewlett-Packard Development Company, L.P
|
|
|
|
- CVE-2007-3062
|
|
- JVN : JVN#19240523
- National Vulnerability Database (NVD) : CVE-2007-3062
- JPCERT REPORT : JPCERT-WR-2007-2101 (Japanese)
- US-CERT Vulnerability Note : VU#292457
- Secunia Advisory : SA25493
- SecurityFocus : 24256
- ISS X-Force Database : 34656
- SecurityTracker : 1018179
- FrSIRT Advisories : FrSIRT/ADV-2007-2013
|
|
- [2008/05/21]
Web page published
|
