This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Hp First view 2016-05-21
Product System Management Homepage Last view 2018-02-15
Version 7.5.5.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:hp:system_management_homepage

Activity : Overall

Related : CVE

  Date Alert Description
5.6 2018-02-15 CVE-2017-12553

A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

5.6 2018-02-15 CVE-2017-12552

A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

5.6 2018-02-15 CVE-2017-12551

A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

5.6 2018-02-15 CVE-2017-12550

A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

5.6 2018-02-15 CVE-2017-12549

A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

5.6 2018-02-15 CVE-2017-12548

A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

5.6 2018-02-15 CVE-2017-12547

A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

5.6 2018-02-15 CVE-2017-12546

A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

7.5 2018-02-15 CVE-2017-12545

A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

5.4 2018-02-15 CVE-2017-12544

A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

7.5 2016-10-28 CVE-2016-4396

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.

7.5 2016-10-28 CVE-2016-4395

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.

6.5 2016-10-28 CVE-2016-4394

HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue.

5.4 2016-10-28 CVE-2016-4393

HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue.

8.1 2016-07-18 CVE-2016-5388

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.

8.1 2016-07-18 CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

8.1 2016-07-18 CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

9.8 2016-05-21 CVE-2016-4543

The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.

CWE : Common Weakness Enumeration

%idName
33% (4) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25% (3) CWE-284 Access Control (Authorization) Issues
16% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
8% (1) CWE-476 NULL Pointer Dereference
8% (1) CWE-287 Improper Authentication
8% (1) CWE-254 Security Features

Snort® IPS/IDS

Date Description
2019-09-05 HPE System Management Homepage cross site scripting attempt
RuleID : 50887 - Type : SERVER-WEBAPP - Revision : 1
2019-09-05 HPE System Management Homepage cross site scripting attempt
RuleID : 50886 - Type : SERVER-WEBAPP - Revision : 1
2017-08-15 HPE System Management Homepage buffer overflow attempt
RuleID : 43545 - Type : SERVER-WEBAPP - Revision : 3
2016-07-28 HttpOxy CGI application vulnerability potential man-in-the-middle attempt
RuleID : 39737-community - Type : SERVER-WEBAPP - Revision : 2
2016-08-31 HttpOxy CGI application vulnerability potential man-in-the-middle attempt
RuleID : 39737 - Type : SERVER-WEBAPP - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-11-03 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2017-004.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13.nasl - Type: ACT_GATHER_INFO
2017-09-28 Name: The remote web server is affected by multiple vulnerabilities.
File: hpsmh_7_6_1.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: An enterprise management application installed on the remote host is affected...
File: oracle_enterprise_manager_jul_2017_cpu.nasl - Type: ACT_GATHER_INFO
2017-06-26 Name: The Tenable SecurityCenter application on the remote host contains a web serv...
File: securitycenter_apache_2_4_25.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1049.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2016-1030.nasl - Type: ACT_GATHER_INFO
2017-03-31 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_12_4.nasl - Type: ACT_GATHER_INFO
2017-03-14 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: securitycenter_5_4_3_tns_2017_04.nasl - Type: ACT_GATHER_INFO
2017-02-03 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3177-2.nasl - Type: ACT_GATHER_INFO
2017-01-24 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3177-1.nasl - Type: ACT_GATHER_INFO
2017-01-16 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201701-36.nasl - Type: ACT_GATHER_INFO
2017-01-12 Name: The remote web server is affected by multiple vulnerabilities.
File: apache_2_4_25.nasl - Type: ACT_GATHER_INFO
2017-01-12 Name: The remote web server is affected by multiple vulnerabilities.
File: apache_2_2_32.nasl - Type: ACT_GATHER_INFO
2016-12-27 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2016-358-01.nasl - Type: ACT_GATHER_INFO
2016-12-21 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_862d6ab3c75e11e69f9820cf30e32f6d.nasl - Type: ACT_GATHER_INFO
2016-12-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-749.nasl - Type: ACT_GATHER_INFO
2016-12-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-749.nasl - Type: ACT_GATHER_INFO
2016-12-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1440.nasl - Type: ACT_GATHER_INFO
2016-12-01 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201611-22.nasl - Type: ACT_GATHER_INFO
2016-11-21 Name: The remote Fedora host is missing a security update.
File: fedora_2016-38e5b05260.nasl - Type: ACT_GATHER_INFO
2016-11-14 Name: The remote Fedora host is missing a security update.
File: fedora_2016-4094bd4ad6.nasl - Type: ACT_GATHER_INFO
2016-11-14 Name: The remote Fedora host is missing a security update.
File: fedora_2016-c1b01b9278.nasl - Type: ACT_GATHER_INFO
2016-11-10 Name: The remote web server is affected by a remote code execution vulnerability.
File: hpsmh_setsmhdata_rce.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2016-11-09 Name: The remote web server is affected by multiple vulnerabilities.
File: hpsmh_7_6.nasl - Type: ACT_GATHER_INFO