S-186: HP System Management Homepage (SMH) for HP-UX Vulnerability
Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for HP-UX. These vulnerabilities could by exploited remotely to allow cross site scripting (XSS). The risk is MEDIUM. Could be exploited remotely to allow cross site scripting (XSS).
I've just been on an HP Training Course for HPUXv11.31 and found out about the gui / web for SMH. I never did a course on HP11v23. On our two servers here in the UK that run 11.23 I'm pretty sure that when I typed in "sam" on the command line it went to a sort of smh. (There was a message saying... (2 Replies)
I have a couple of issues with SMH running on HP-UX 11.11. The version numbers of the modules that I have loaded is below.
1) Does anyone have the "HPUX_EthernetLANEndpoint" or "HPUX_EthernetPort" modules on their server? I am getting errors within the SMH error log stating that these... (2 Replies)
Topics in the System Management blog include the Sun x86 SNMP Hardware Monitoring Agent, Microsoft Integration Updates posted, Sun Integration 1.0 for Microsoft SCOM 2007, Sun Installation Assistant adds 2 more platforms, etc.
More... (0 Replies)
Over the past 4 -5 years, I have cobbled together a rudimentary 'Document Management System' for a school district I support using Linux Bash Shell scripts..
The purpose of the scripting was to supplement features of a Job Applicant Center that had very simplistic methods of handle file... (1 Reply)
hi all, i am currently implementating project scope for a future enterprise solution provider in the storage area.
I was hoping if anyone could help me to answer questions regarding the Central Configurations Management System in the RedHat or other linux distro.
In the Unix env. , most of... (2 Replies)
pdweb(1M)pdweb(1M)NAME
pdweb - start the HP-UX Peripheral Device tool, part of the System Management Homepage Web interface.
SYNOPSIS
Path:
DESCRIPTION
The HP-UX Peripheral Device tool (pdweb) can be used to easily and quickly view I/O devices and OLRAD cards. It helps manage hot pluggable
PCI slots on systems that support adding and replacing cards without rebooting. On all HP-UX systems, will display the I/O devices and can
be used to (re)create device files for a selected device.
The HP-UX Peripheral Device tool user interface uses a Web browser. Executing the command, with DISPLAY variable set and without any
options performs the following tasks:
o start the System Management Homepage Web server and
o start a Web client (browser)
An attempt will be made to connect to the browser specified with the BROWSER environment variable, or Mozilla, or Netscape. The Web
browser will be displayed on the X server defined by the DISPLAY environment variable. If a running browser is found, it will be used,
otherwise a new session will be initiated. This will only happen if the browser process is running on the same system used to exectue the
pdweb command (defined by the DISPLAY variable), unless the option is used.
Options
The recognizes the following options:
Opens the terminal interface for Cards and Devices regardless of the
current setting of the DISPLAY environment variable.
Forces a client browser to be used in less secure ways.
Two security features are overridden by the option.
The option forces the client browser to be used or started, even if the X-traffic between the X-server and the Mozilla
browser is not secure.
When is invoked by the option is used.
Only a priviledged user (root) can execute When used with the option, a temporary login bypass key will be generated. The
bypass key allows the user to access the Web interface without having to provide login information again.
Only use this option if you are sure the network traffic is secure between the host where Mozilla is running, and the host
in the DISPLAY variable.
The browser uses URL http://hostname:2301/ and you may paste this into any browser if a browser does open with the pdweb
command.
Online Help
Once the HP-UX Peripheral Device tool is started, the online help provides details on how to use the tool.
RETURN VALUES
Upon completion, returns one of the following values:
Successful.
An error occurred.
AUTHORS
pdweb was developed by Hewlett-Packard
SEE ALSO hpsmh(1M), smhstartconfig(1M), olrad(1M), ioscan(1M), insf(1M)pdweb(1M)