Published: 28/04/2010 Updated: 17/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp system management homepage 2.1.0-103
hp system management homepage 2.1.0-103\\(a\\)
hp system management homepage 2.1.12-200
hp system management homepage 2.1.2-127
hp system management homepage 2.1.3
hp system management homepage 2.1.7
hp system management homepage 2.1.7-168
hp system management homepage 2.1.2
hp system management homepage 2.0.0
hp system management homepage 2.0.1
hp system management homepage 2.1.1
hp system management homepage 2.1.10-186
hp system management homepage 2.1.5
hp system management homepage 2.1.5-146
hp system management homepage 2.1.9
hp system management homepage 2.1.9-178
hp system management homepage 2.1.0-109
hp system management homepage 2.1.0-118
hp system management homepage 2.1.3.132
hp system management homepage 2.1.4
hp system management homepage 2.1.8
hp system management homepage 2.1.8-177
hp system management homepage 2.0.2
hp system management homepage 2.1
hp system management homepage 2.1.11-197
hp system management homepage 2.1.12-118
hp system management homepage 2.1.6
hp system management homepage 2.1.6-156
hp system management homepage 2.2.6
hp system management homepage 2.2.8

source: wwwsecurityfocuscom/bid/39676/info HP System Management Homepage is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input A successful exploit may aid in phishing attacks; other attacks are possible wwwexamplecom/red2301html?RedirectUrl=evil () attacker com ...

CWE-20 http://www.securityfocus.com/bid/39676 http://yehg.net/lab/pr0js/advisories/hp_system_management_homepage_url_redirection_abuse https://exchange.xforce.ibmcloud.com/vulnerabilities/58107 https://nvd.nist.gov https://www.exploit-db.com/exploits/33873/

CVE-2010-1586

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect