HP System Management Homepage 'RedirectUrl' Parameter URI Redirection Vulnerability
BID:39676
Info
| Bugtraq ID: | 39676 |
| Class: | Input Validation Error |
| CVE: | CVE-2010-1586 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 25 2010 12:00AM |
| Updated: | Apr 13 2015 09:02PM |
| Credit: | Aung Khant |
| Vulnerable: |
HP System Management Homepage 2.2.9 .1
HP System Management Homepage 2.2.8
HP System Management Homepage 2.2.6
HP System Management Homepage 2.1.15 210
HP System Management Homepage 2.1.12
HP System Management Homepage 2.1.11
HP System Management Homepage 2.1.10
HP System Management Homepage 2.1.9
HP System Management Homepage 2.1.8
HP System Management Homepage 2.1.7
HP System Management Homepage 2.1.6
HP System Management Homepage 2.1.5
HP System Management Homepage 2.1.4
HP System Management Homepage 2.1.3 .132
HP System Management Homepage 2.1.3
HP System Management Homepage 2.1.2
HP System Management Homepage 2.1.1
HP System Management Homepage 2.1
HP System Management Homepage 2.0.2
HP System Management Homepage 2.0.1
HP System Management Homepage 2.0 |
| Not Vulnerable: | |
Discussion
HP System Management Homepage is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input.
A successful exploit may aid in phishing attacks; other attacks are possible.
Exploit / POC
An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
The following example URI is available:
http://www.example.com/red2301.html?RedirectUrl=evil () attacker com
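For defenders, the sketch below is an added example, not part of the advisory and not HP's code: it shows a strict check that accepts only same-site paths as redirect targets, and applies it to web access logs to flag requests whose RedirectUrl value points off-site. The function names, the log format (common log format) and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

PARAM = "RedirectUrl"  # parameter named in the advisory

def is_safe_redirect(target):
    """Accept only same-site, path-absolute targets such as '/index.html'."""
    if not target or any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return False  # empty value or control characters
    if "\\" in target:
        return False  # browsers may treat a backslash like a forward slash
    if not target.startswith("/") or target.startswith("//"):
        return False  # bare host, absolute URL, or scheme-relative URL
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/')

def flag_requests(log_lines):
    """Return (client, value) pairs whose RedirectUrl value fails the check."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(2)).query
        # parse_qs percent-decodes each value once before it is checked
        for value in parse_qs(query, keep_blank_values=True).get(PARAM, []):
            if not is_safe_redirect(value):
                hits.append((m.group(1), value))
    return hits

# Constructed sample log lines (not taken from a real system)
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Apr/2010:10:00:00 +0000] "GET /red2301.html?RedirectUrl=/index.html HTTP/1.1" 302 0',
    '192.0.2.11 - - [25/Apr/2010:10:00:05 +0000] "GET /red2301.html?RedirectUrl=http%3A%2F%2Fphish.example.net%2Flogin HTTP/1.1" 302 0',
    '192.0.2.12 - - [25/Apr/2010:10:00:09 +0000] "GET /red2301.html?RedirectUrl=%2F%2Fphish.example.net HTTP/1.1" 302 0',
    '192.0.2.13 - - [25/Apr/2010:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, value in flag_requests(SAMPLE_LOG):
        print(f"{client} off-site {PARAM} value: {value!r}")
```

The same `is_safe_redirect` check can be placed in front of any handler that issues a redirect from a request parameter, falling back to a fixed landing page when it returns False.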