Executive Summary
Summary | |
---|---|
Title | HP Insight Control Server Migration for Windows, Local and Remote Unauthorized Access to Data, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS) |
Informations | |||
---|---|---|---|
Name | HPSBMA02553 SSRT100184 | First vendor Publication | 2010-07-12 |
Vendor | HP | Last vendor Modification | 2010-07-12 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Potential security vulnerabilities have been identified with HP Insight Software Installer for Windows . The vulnerabilities could be exploited locally to allow unauthorized access to data and remotely to allow Cross Site Request Forgery (CSRF), cross site scripting (XSS), and unauthorized access to data. |
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02282388 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
33 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
33 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-11 | Name : Mandriva Security Advisory MDVSA-2009:291 (jetty5) File : nvt/mdksa_2009_291.nasl |
2009-06-05 | Name : Fedora Core 9 FEDORA-2009-5500 (jetty) File : nvt/fcore_2009_5500.nasl |
2009-06-05 | Name : Fedora Core 11 FEDORA-2009-5509 (jetty) File : nvt/fcore_2009_5509.nasl |
2009-06-05 | Name : Fedora Core 10 FEDORA-2009-5513 (jetty) File : nvt/fcore_2009_5513.nasl |
2009-05-04 | Name : Jetty Cross Site Scripting and Information Disclosure Vulnerabilities File : nvt/jetty_34800.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
66304 | HP Insight Control Server Migration Unspecified Information Disclosure |
66303 | HP Insight Control Server Migration Unspecified CSRF |
54187 | Jetty Directory Listing Semicolon Character XSS Jetty contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate content preceding a ";" for directory listing URLs. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
54186 | Jetty HTTP Server Document Root Traversal Arbitrary File Access Jetty contains a flaw that allows a remote attacker to access files outside of the web path. The issue is due to the ResourceHandler and DefaultServlet's alias handling not properly sanitizing user input, specifically directory traversal style attacks (../../). |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-08-24 | Name : The remote web server has a cross-site scripting vulnerability. File : hadoop_jetty_xss.nasl - Type : ACT_GATHER_INFO |
2011-02-17 | Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_VMSA-2010-0012.nasl - Type : ACT_GATHER_INFO |
2010-07-29 | Name : The remote web server has a cross-site scripting vulnerability. File : vmware_vcenter_update_mgr_xss.nasl - Type : ACT_GATHER_INFO |
2009-11-11 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_jetty5-091109.nasl - Type : ACT_GATHER_INFO |
2009-10-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-291.nasl - Type : ACT_GATHER_INFO |
2009-05-27 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5500.nasl - Type : ACT_GATHER_INFO |
2009-05-27 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5509.nasl - Type : ACT_GATHER_INFO |
2009-05-27 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5513.nasl - Type : ACT_GATHER_INFO |