News Stay informed about the latest enterprise technology news and product updates.

HP issues advisories, plugs holes

HP's System Management Homepage is vulnerable to cross-site scripting attacks, according to advisories issued Tuesday.

HP on Tuesday issued several advisories warning of critical flaws in its System Management Homepage (SMH) for Linux, HP-Unix and Windows and certain systems running IP Filter packet filtering technology.

Cross-site scripting attacks:
Has cross-site scripting evolved? It's astounding what is being done with browser scripts these days. In this expert Q&A, Ed Skoudis explains how today's cross-site scripting attacks are a far cry from those a few years ago.

Hackers broaden reach of cross-site scripting attacks: An explosion of AJAX-based applications has increased the damage that cross-site scripting (XSS) attacks can inflict on machines. A new tool uses XSS flaws to create a botnet.

In its advisory to customers, HP said the SMH vulnerabilities could be exploited to allow a cross-site scripting attack. SMH versions prior to v2.1.10 running on Linux and Windows are affected, as well as SMH running on HP-UX versions B.11.11, B.11.23, and B.11.31.

HP issued updates to repair Homepage running on Linux and an update to repair versions running on Windows. An HP software update was also issued to repair the HP-UX flaws.

An update has also been released by HP to repair a security vulnerability with HP-UX running IPFilter in combination with PHNE_34474. HP said the vulnerability could be remotely exploited to by an attacker create a denial of service attack and crash a system.

Dig Deeper on Application attacks (buffer overflows, cross-site scripting)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.