ID CVE-2013-2359
Summary Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2360.
References
Vulnerable Configurations
  • HP System Management Homepage 7.0
    cpe:2.3:a:hp:system_management_homepage:7.0
  • HP System Management Homepage 7.1
    cpe:2.3:a:hp:system_management_homepage:7.1
  • HP System Management Homepage 7.2
    cpe:2.3:a:hp:system_management_homepage:7.2
CVSS
Base: 4.0 (as of 22-07-2013 - 11:01)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
NASL family Web Servers
NASL id HPSMH_7_2_1_0.NASL
description According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is a version prior to 7.2.1.0. It is, therefore, affected by the following vulnerabilities : - An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API. (CVE-2011-3389) - The utility 'apachectl' can receive a zero-length directory name in the LD_LIBRARY_PATH via the 'envvars' file. A local attacker with access to that utility could exploit this to load a malicious Dynamic Shared Object (DSO), leading to arbitrary code execution. (CVE-2012-0883) - Numerous, unspecified errors could allow remote denial of service attacks. (CVE-2012-2110, CVE-2012-2329, CVE-2012-2336, CVE-2013-2357, CVE-2013-2358, CVE-2013-2359, CVE-2013-2360) - The fix for CVE-2012-1823 does not completely correct the CGI query parameter vulnerability. Disclosure of PHP source code and code execution are still possible. Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. Apache with 'mod_php' is not an exploitable configuration. (CVE-2012-2311, CVE-2012-2335) - Unspecified errors exist that could allow unauthorized access. (CVE-2012-5217, CVE-2013-2355) - Unspecified errors exist that could allow disclosure of sensitive information. (CVE-2013-2356, CVE-2013-2363) - An unspecified error exists that could allow cross-site scripting attacks. (CVE-2013-2361) - Unspecified errors exist that could allow a local attacker to cause denial of service conditions. (CVE-2013-2362, CVE-2013-2364) - An as-yet unspecified vulnerability exists that could cause a denial of service condition. (CVE-2013-4821)
last seen 2019-02-21
modified 2018-11-15
plugin id 69020
published 2013-07-23
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=69020
title HP System Management Homepage < 7.2.1.0 Multiple Vulnerabilities (BEAST)
refmap via4
hp
  • HPSBMU02900
  • SSRT100907
Last major update 26-07-2013 - 00:00
Published 22-07-2013 - 07:19
Back to Top