|
[Japanese]
|
JVNDB-2009-000029
|
HP System Management Homepage vulnerable to cross-site scripting
|
|
HP System Management Homepage (SMH) from Hewlett-Packard contains a cross-site scripting vulnerability.
HP System Management Homepage (SMH) from Hewlett-Packard is a web-based interface that can manage HP servers.
SMH contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#19240523.
Masashi Shiraishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
|
|
Base Metrics:
4.3 (Medium)
[IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
Hewlett-Packard Development Company, L.P
- HP System Management Homepage (SMH) versions before v3.0.1.73 (Linux and Windows Server 2003, 2008)
|
|
An arbitrary script may be executed on the user's web browser.
|
|
Apply the latest update provided by the vendor.
The update for each operating system is as follows.
* HP System Management Homepage for Linux (x86) v3.0.1.73
* HP System Management Homepage for Linux (AMD64/EM64T) v3.0.1.73
* HP System Management Homepage for Windows v3.0.1.73
For more information, refer to the vendor's website.
|
|
Hewlett-Packard Development Company, L.P
|
|
- JVN : JVN#02331156
- National Vulnerability Database (NVD) : CVE-2009-1418
- Common Vulnerabilities and Exposures (CVE) : CVE-2009-1418
- SecurityTracker : 1022242
- Common Weakness Enumeration (CWE) : Cross-site scripting (CWE-79) [IPA Evaluation]
- JVN iPedia (Japanese) : JVNDB-2009-000029
|
|
[2009/05/20]
Web page published
|
|
| 2009/05/20 |
| 2009/05/20 |
| 2009/05/20 |
|
