Article

HP issues advisories, plugs holes

SearchSecurity.com Staff

HP on Tuesday issued several advisories warning of critical flaws in its System Management Homepage (SMH) for Linux, HP-Unix and Windows and certain systems running IP Filter packet filtering technology.

    Requires Free Membership to View

Cross-site scripting attacks:
Has cross-site scripting evolved? It's astounding what is being done with browser scripts these days. In this expert Q&A, Ed Skoudis explains how today's cross-site scripting attacks are a far cry from those a few years ago.

Hackers broaden reach of cross-site scripting attacks: An explosion of AJAX-based applications has increased the damage that cross-site scripting (XSS) attacks can inflict on machines. A new tool uses XSS flaws to create a botnet.

In its advisory to customers, HP said the SMH vulnerabilities could be exploited to allow a cross-site scripting attack. SMH versions prior to v2.1.10 running on Linux and Windows are affected, as well as SMH running on HP-UX versions B.11.11, B.11.23, and B.11.31.

HP issued updates to repair Homepage running on Linux and an update to repair versions running on Windows. An HP software update was also issued to repair the HP-UX flaws.

An update has also been released by HP to repair a security vulnerability with HP-UX running IPFilter in combination with PHNE_34474. HP said the vulnerability could be remotely exploited to by an attacker create a denial of service attack and crash a system.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: