HP System Management Homepage跨站请求伪造远程漏洞(C

发布日期:2012-04-18
更新日期:2012-04-18

受影响系统:
HP System Management Homepage 6.3
HP System Management Homepage 6.2.2 7
HP System Management Homepage 6.2.0-12
HP System Management Homepage 6.2
HP System Management Homepage 6.2
HP System Management Homepage 6.1.0.103
HP System Management Homepage 6.1.0.102
HP System Management Homepage 6.1.0-103
HP System Management Homepage 6.1
HP System Management Homepage 6.0.0.95
HP System Management Homepage 6.0.0-95
HP System Management Homepage 6.0 .96
HP System Management Homepage 6.0
HP System Management Homepage 3.0.2.77 B
HP System Management Homepage 3.0.2-77
HP System Management Homepage 3.0.2 .77
HP System Management Homepage 3.0.1-73
HP System Management Homepage 3.0.1 .73
HP System Management Homepage 3.0.0-68
HP System Management Homepage 3.0 .68
HP System Management Homepage 3.0 .64
不受影响系统:
HP System Management Homepage 7.0
描述:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 52974
CVE ID: CVE-2011-3846

HP System Management Homepage (HP SMH) 是一个基于 Web 的界面,可整合和简化对运行 HP-UX、Linux 和 Microsoft Windows 操作系统的 HP 服务器的单系统管理过程。

HP System Management Homepage在实现上存在跨站请求伪造漏洞,利用此漏洞可允许远程攻击者执行管理员操作。

<*来源:Sow Ching Shiong 
  *>

建议:
--------------------------------------------------------------------------------
厂商补丁:

HP
--
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/wwgywz.html