Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-1586 | First vendor Publication | 2010-04-28 |
Vendor | Cve | Last vendor Modification | 2017-08-17 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1586 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-05 | Name : HP System Management Homepage (SMH) 'RedirectUrl' URI Redirection Vulnerability File : nvt/gb_hp_smh_url_redirect_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
64146 | HP System Management Homepage (SMH) red2301.html RedirectUrl Parameter Arbitr... HP System Management Homepage contains a flaw that allows a remote cross site redirection attack. This flaw exists because the application does not validate the RedirectUrl parameter upon submission to the red3201.html. This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. This could be leveraged to direct a user to a web page containing attacks that target client side software such as a web browser or document rendering programs. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-09-17 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_6_2_0_12.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:11:31 |
|
2021-04-22 01:12:06 |
|
2020-05-23 00:25:42 |
|
2017-08-17 09:22:59 |
|
2016-04-26 19:46:18 |
|
2014-02-17 10:55:05 |
|
2013-05-10 23:23:37 |
|