Test ID:	1.3.6.1.4.1.25623.1.0.106390
Category:	Web application abuses
Title:	HP/HPE System Management Homepage (SMH) Multiple Vulnerabilities (HPSBMU03653)
Summary:	HP/HPE System Management Homepage (SMH) is prone to multiple; vulnerabilities.
Description:	Summary: HP/HPE System Management Homepage (SMH) is prone to multiple vulnerabilities. Vulnerability Impact: The vulnerabilities could be remotely exploited using man-in-the-middle (MITM) attacks resulting in cross-site scripting (XSS), arbitrary code execution, Denial of Service (DoS), and/or unauthorized disclosure of information. Affected Software/OS: HP/HPE SMH prior to version 7.6. Solution: Update to version 7.6.0 or later. CVSS Score: 8.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-2105 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html BugTraq ID: 89757 http://www.securityfocus.com/bid/89757 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 Cisco Security Advisory: 20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl Debian Security Information: DSA-3566 (Google Search) http://www.debian.org/security/2016/dsa-3566 http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html FreeBSD Security Advisory: FreeBSD-SA-16:17 https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc https://security.gentoo.org/glsa/201612-16 http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html RedHat Security Advisories: RHSA-2016:0722 http://rhn.redhat.com/errata/RHSA-2016-0722.html RedHat Security Advisories: RHSA-2016:0996 http://rhn.redhat.com/errata/RHSA-2016-0996.html RedHat Security Advisories: RHSA-2016:1648 http://rhn.redhat.com/errata/RHSA-2016-1648.html RedHat Security Advisories: RHSA-2016:1649 http://rhn.redhat.com/errata/RHSA-2016-1649.html RedHat Security Advisories: RHSA-2016:1650 http://rhn.redhat.com/errata/RHSA-2016-1650.html RedHat Security Advisories: RHSA-2016:2056 http://rhn.redhat.com/errata/RHSA-2016-2056.html RedHat Security Advisories: RHSA-2016:2073 http://rhn.redhat.com/errata/RHSA-2016-2073.html RedHat Security Advisories: RHSA-2016:2957 http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.securitytracker.com/id/1035721 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103 SuSE Security Announcement: SUSE-SU-2016:1206 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html SuSE Security Announcement: SUSE-SU-2016:1228 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html SuSE Security Announcement: SUSE-SU-2016:1231 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html SuSE Security Announcement: SUSE-SU-2016:1233 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html SuSE Security Announcement: SUSE-SU-2016:1267 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html SuSE Security Announcement: SUSE-SU-2016:1290 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html SuSE Security Announcement: SUSE-SU-2016:1360 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html SuSE Security Announcement: openSUSE-SU-2016:1237 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html SuSE Security Announcement: openSUSE-SU-2016:1238 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html SuSE Security Announcement: openSUSE-SU-2016:1239 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html SuSE Security Announcement: openSUSE-SU-2016:1240 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html SuSE Security Announcement: openSUSE-SU-2016:1241 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html SuSE Security Announcement: openSUSE-SU-2016:1242 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html SuSE Security Announcement: openSUSE-SU-2016:1243 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html SuSE Security Announcement: openSUSE-SU-2016:1273 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html SuSE Security Announcement: openSUSE-SU-2016:1566 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html http://www.ubuntu.com/usn/USN-2959-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-2106 BugTraq ID: 89744 http://www.securityfocus.com/bid/89744 Common Vulnerability Exposure (CVE) ID: CVE-2016-2107 BugTraq ID: 89760 http://www.securityfocus.com/bid/89760 https://www.exploit-db.com/exploits/39768/ http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/ Common Vulnerability Exposure (CVE) ID: CVE-2016-2109 BugTraq ID: 87940 http://www.securityfocus.com/bid/87940 Common Vulnerability Exposure (CVE) ID: CVE-2016-3739 BugTraq ID: 90726 http://www.securityfocus.com/bid/90726 https://security.gentoo.org/glsa/201701-47 http://www.openwall.com/lists/oss-security/2024/03/27/4 http://www.securitytracker.com/id/1035907 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.495349 Common Vulnerability Exposure (CVE) ID: CVE-2016-4070 http://lists.apple.com/archives/security-announce/2016/May/msg00004.html BugTraq ID: 85801 http://www.securityfocus.com/bid/85801 Debian Security Information: DSA-3560 (Google Search) http://www.debian.org/security/2016/dsa-3560 http://www.openwall.com/lists/oss-security/2016/04/24/1 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html SuSE Security Announcement: SUSE-SU-2016:1277 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html SuSE Security Announcement: openSUSE-SU-2016:1274 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html SuSE Security Announcement: openSUSE-SU-2016:1373 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html http://www.ubuntu.com/usn/USN-2952-1 http://www.ubuntu.com/usn/USN-2952-2 Common Vulnerability Exposure (CVE) ID: CVE-2016-4071 BugTraq ID: 85800 http://www.securityfocus.com/bid/85800 https://www.exploit-db.com/exploits/39645/ https://security.gentoo.org/glsa/201611-22 Common Vulnerability Exposure (CVE) ID: CVE-2016-4072 BugTraq ID: 85993 http://www.securityfocus.com/bid/85993 Common Vulnerability Exposure (CVE) ID: CVE-2016-4342 BugTraq ID: 89154 http://www.securityfocus.com/bid/89154 http://www.openwall.com/lists/oss-security/2016/04/28/2 SuSE Security Announcement: openSUSE-SU-2016:1357 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html SuSE Security Announcement: openSUSE-SU-2016:1524 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html Common Vulnerability Exposure (CVE) ID: CVE-2016-4343 BugTraq ID: 89179 http://www.securityfocus.com/bid/89179 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php Common Vulnerability Exposure (CVE) ID: CVE-2016-4393 BugTraq ID: 93961 http://www.securityfocus.com/bid/93961 Common Vulnerability Exposure (CVE) ID: CVE-2016-4394 Common Vulnerability Exposure (CVE) ID: CVE-2016-4395 http://www.zerodayinitiative.com/advisories/ZDI-16-587 https://www.tenable.com/security/research/tra-2016-32 Common Vulnerability Exposure (CVE) ID: CVE-2016-4396 http://www.zerodayinitiative.com/advisories/ZDI-16-588 Common Vulnerability Exposure (CVE) ID: CVE-2016-4537 BugTraq ID: 90173 http://www.securityfocus.com/bid/90173 Debian Security Information: DSA-3602 (Google Search) http://www.debian.org/security/2016/dsa-3602 http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html http://www.openwall.com/lists/oss-security/2016/05/05/21 Common Vulnerability Exposure (CVE) ID: CVE-2016-4538 Common Vulnerability Exposure (CVE) ID: CVE-2016-4539 BugTraq ID: 90174 http://www.securityfocus.com/bid/90174 Common Vulnerability Exposure (CVE) ID: CVE-2016-4540 BugTraq ID: 90172 http://www.securityfocus.com/bid/90172 Common Vulnerability Exposure (CVE) ID: CVE-2016-4541 Common Vulnerability Exposure (CVE) ID: CVE-2016-4542 BugTraq ID: 89844 http://www.securityfocus.com/bid/89844 Common Vulnerability Exposure (CVE) ID: CVE-2016-4543 Common Vulnerability Exposure (CVE) ID: CVE-2016-5385 1036335 http://www.securitytracker.com/id/1036335 91821 http://www.securityfocus.com/bid/91821 DSA-3631 http://www.debian.org/security/2016/dsa-3631 FEDORA-2016-4e7db3d437 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/ FEDORA-2016-8eb11666aa https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/ FEDORA-2016-9c8cf5912c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/ GLSA-201611-22 RHSA-2016:1609 http://rhn.redhat.com/errata/RHSA-2016-1609.html RHSA-2016:1610 http://rhn.redhat.com/errata/RHSA-2016-1610.html RHSA-2016:1611 http://rhn.redhat.com/errata/RHSA-2016-1611.html RHSA-2016:1612 http://rhn.redhat.com/errata/RHSA-2016-1612.html RHSA-2016:1613 http://rhn.redhat.com/errata/RHSA-2016-1613.html VU#797896 http://www.kb.cert.org/vuls/id/797896 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html https://bugzilla.redhat.com/show_bug.cgi?id=1353794 https://github.com/guzzle/guzzle/releases/tag/6.2.1 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://httpoxy.org/ https://www.drupal.org/SA-CORE-2016-003 openSUSE-SU-2016:1922 http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5387 BugTraq ID: 91816 http://www.securityfocus.com/bid/91816 CERT/CC vulnerability note: VU#797896 Debian Security Information: DSA-3623 (Google Search) http://www.debian.org/security/2016/dsa-3623 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/ https://security.gentoo.org/glsa/201701-36 https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E RedHat Security Advisories: RHSA-2016:1420 https://access.redhat.com/errata/RHSA-2016:1420 RedHat Security Advisories: RHSA-2016:1421 https://access.redhat.com/errata/RHSA-2016:1421 RedHat Security Advisories: RHSA-2016:1422 https://access.redhat.com/errata/RHSA-2016:1422 RedHat Security Advisories: RHSA-2016:1624 http://rhn.redhat.com/errata/RHSA-2016-1624.html RedHat Security Advisories: RHSA-2016:1625 http://rhn.redhat.com/errata/RHSA-2016-1625.html RedHat Security Advisories: RHSA-2016:1635 https://access.redhat.com/errata/RHSA-2016:1635 RedHat Security Advisories: RHSA-2016:1636 https://access.redhat.com/errata/RHSA-2016:1636 RedHat Security Advisories: RHSA-2016:1851 https://access.redhat.com/errata/RHSA-2016:1851 http://www.securitytracker.com/id/1036330 SuSE Security Announcement: openSUSE-SU-2016:1824 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html http://www.ubuntu.com/usn/USN-3038-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-5388 1036331 http://www.securitytracker.com/id/1036331 91818 http://www.securityfocus.com/bid/91818 RHSA-2016:1624 RHSA-2016:1635 RHSA-2016:1636 RHSA-2016:2045 http://rhn.redhat.com/errata/RHSA-2016-2045.html RHSA-2016:2046 http://rhn.redhat.com/errata/RHSA-2016-2046.html [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E [activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries. https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E [activemq-issues] 20190925 [jira] [Created] (AMQ-7310) Security Vulnerabilities in Tomcat-websocket-api.jar https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E [debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html [tomcat-users] 20200813 CVE reporting discrepencies https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102%40%3Cusers.tomcat.apache.org%3E [tomcat-users] 20200813 Re: CVE reporting discrepencies https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd%40%3Cusers.tomcat.apache.org%3E [tomcat-users] 20200814 Re: CVE reporting discrepencies https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39%40%3Cusers.tomcat.apache.org%3E http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759 https://tomcat.apache.org/tomcat-7.0-doc/changelog.html https://www.apache.org/security/asf-httpoxy-response.txt openSUSE-SU-2016:2252 http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.