CVE-2010-3011

Опубликовано: 17 сент. 2010

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Ссылки

http://secunia.com/advisories/41480
Vendor Advisory
http://secunia.com/advisories/41490
Vendor Advisory
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
http://secunia.com/advisories/41480
Vendor Advisory
http://secunia.com/advisories/41490
Vendor Advisory
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*

Версия до 6.1 (включая)

cpe:2.3:a:hp:system_management_homepage:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.0.1.104:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.0.2.106:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.0-103:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.0-103\(a\):*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.0-109:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.0-118:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.0.121:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.2-127:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.2.127:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.3.132:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.4-143:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.4.143:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.5-146:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.5.146:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.5.146:b:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.6:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.6-156:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.6.156:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.7:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.7-168:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.7.168:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.8:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.8-177:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.8.179:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.9:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.9-178:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.10:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.10-186:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.10.186:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.10.186:b:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.10.186:c:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.11:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.11-197:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.11.197:a:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.12-118:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.12-200:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.12.201:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.14.20:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.15-210:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.15.210:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:3.0.0-68:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:3.0.0.64:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:3.0.1-73:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:3.0.1.73:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:3.0.2-77:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:3.0.2.77:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:3.0.2.77:b:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:6.0:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:6.0.0-95:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:6.0.0.96:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:6.1.0-103:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:6.1.0.102:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00601

Низкий

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-rf84-hw64-3p3f

github

больше 3 лет назад