PT-2010-3256 · Hewlett Packard · Hp System Management Homepage

Aung Khant

Publicado

2010-04-28

Atualizado

2017-08-17

CVE-2010-1586

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions HP System Management Homepage (SMH) versions 2.x.x.x

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter in the red2301.html file. This can lead to phishing attacks.

Recommendations For HP System Management Homepage (SMH) versions 2.x.x.x, consider restricting access to the RedirectUrl parameter in the red2301.html file to minimize the risk of exploitation. Avoid using the RedirectUrl parameter in the affected file until the issue is resolved.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2010-1586

Produtos afetados

Hp System Management Homepage

PT-2010-3256 · Hewlett Packard · Hp System Management Homepage

CVE-2010-1586

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6