HP System Management Homepage CVE-2011-3846 Cross Site Request Forgery Vulnerability
BID:52974
Info
| Bugtraq ID: | 52974 |
| Class: | Input Validation Error |
| CVE: | CVE-2011-3846 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 11 2012 12:00AM |
| Updated: | Apr 18 2012 12:00AM |
| Credit: | Sow Ching Shiong |
| Vulnerable: |
HP System Management Homepage 6.2.2 7
HP System Management Homepage 6.0 .96
HP System Management Homepage 3.0.2 .77
HP System Management Homepage 3.0.1 .73
HP System Management Homepage 3.0 .68
HP System Management Homepage 3.0 .64
HP System Management Homepage 6.3
HP System Management Homepage 6.2.0-12
HP System Management Homepage 6.2
HP System Management Homepage 6.2
HP System Management Homepage 6.1.0.103
HP System Management Homepage 6.1.0.102
HP System Management Homepage 6.1.0-103
HP System Management Homepage 6.1
HP System Management Homepage 6.0.0.95
HP System Management Homepage 6.0.0-95
HP System Management Homepage 6.0
HP System Management Homepage 3.0.2.77 B
HP System Management Homepage 3.0.2-77
HP System Management Homepage 3.0.1-73
HP System Management Homepage 3.0.0-68
HP System Management Homepage 0 |
| Not Vulnerable: | HP System Management Homepage 7.0 |
Discussion
HP System Management Homepage is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain administrative actions such as creating an arbitrary user with administrative privileges. Other attacks are also possible.
HP System Management Homepage 6.2.2.7 is vulnerable; other versions may also be affected.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting victim to follow a malicious URI or visit a malicious website.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References: