HP System Management Homepage Bugs Let Remote Users Deny Service and Remote Authenticated Users Obtain Information and Gain Elevated Privileges - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > HP System Management Homepage

Vendors: HP (Compaq)

HP System Management Homepage Bugs Let Remote Users Deny Service and Remote Authenticated Users Obtain Information and Gain Elevated Privileges

SecurityTracker Alert ID: 1027209

SecurityTracker URL: http://securitytracker.com/id/1027209

CVE Reference: CVE-2012-2012, CVE-2012-2013, CVE-2012-2014, CVE-2012-2015, CVE-2012-2016 (Links to External Site)

Date: Jun 27 2012

Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 7.1.1

Description: A vulnerability was reported in HP System Management Homepage. A remote authenticated user can gain elevated privileges. A remote authenticated user can obtain information. A remote user can cause denial of service conditions. A local user can obtain and modify information.

A local user can exploit the AUTOCOMPLETE feature to obtain and modify information [CVE-2012-2012].

A remote user can cause denial of service conditions [CVE-2012-2013].

A remote authenticated user can exploit an input validation flaw with unspecified impact [CVE-2012-2014].

A remote authenticated user can gain elevated privileges [CVE-2012-2015].

A remote authenticated user can obtain information [CVE-2012-2016].

Impact: A remote authenticated user can gain elevated privileges.

A remote user can cause denial of service conditions.

A local user can obtain and modify information on the target system.

A remote authenticated user can obtain information.

Solution: The vendor has issued a fix (7.1.1).

The vendor's advisory is available at:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

Vendor URL: h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 (Links to External Site)

Cause: Not specified

Underlying OS: Linux (Any), Windows (Any)

Message History: None.

Source Message Contents

Date: Wed, 27 Jun 2012 15:38:06 +0000
Subject: HPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Code


http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

CVE-2012-2012 (AUTOCOMPLETE enabled), CVE-2012-2013 (DoS),
CVE-2012-2014 (Improper input validation), CVE-2012-2015 (Privilege Elevation),
CVE-2012-2016 (Information disclosure),

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC