PT-2010-3256 · Hewlett Packard · Hp System Management Homepage

Aung Khant

Published

2010-04-28

Updated

2017-08-17

CVE-2010-1586

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions HP System Management Homepage (SMH) versions 2.x.x.x

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter in the red2301.html file. This can lead to phishing attacks.

Recommendations For HP System Management Homepage (SMH) versions 2.x.x.x, consider restricting access to the RedirectUrl parameter in the red2301.html file to minimize the risk of exploitation. Avoid using the RedirectUrl parameter in the affected file until the issue is resolved.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2010-1586

Affected Products

Hp System Management Homepage

PT-2010-3256 · Hewlett Packard · Hp System Management Homepage

CVE-2010-1586

Weakness Enumeration

Related Identifiers

Affected Products

References · 6