Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-186: HP System Management Homepage (SMH) for HP-UX Vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-186: HP System Management Homepage (SMH) for HP-UX Vulnerability
# 1  
Old 02-15-2008
S-186: HP System Management Homepage (SMH) for HP-UX Vulnerability
Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for HP-UX. These vulnerabilities could by exploited remotely to allow cross site scripting (XSS). The risk is MEDIUM. Could be exploited remotely to allow cross site scripting (XSS).


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

5 More Discussions You Might Find Interesting

1. HP-UX

HPUX 11.23 - Sam and Smh.

I've just been on an HP Training Course for HPUXv11.31 and found out about the gui / web for SMH. I never did a course on HP11v23. On our two servers here in the UK that run 11.23 I'm pretty sure that when I typed in "sam" on the command line it went to a sort of smh. (There was a message saying... (2 Replies)
Discussion started by: markp1965
2 Replies

2. HP-UX

SYstem Management Homepage (SMH) Issues - HP-UX 11.11

I have a couple of issues with SMH running on HP-UX 11.11. The version numbers of the modules that I have loaded is below. 1) Does anyone have the "HPUX_EthernetLANEndpoint" or "HPUX_EthernetPort" modules on their server? I am getting errors within the SMH error log stating that these... (2 Replies)
Discussion started by: JDM_Nokia
2 Replies

3. Infrastructure Monitoring

All Things System Management (Blog)

Topics in the System Management blog include the Sun x86 SNMP Hardware Monitoring Agent, Microsoft Integration Updates posted, Sun Integration 1.0 for Microsoft SCOM 2007, Sun Installation Assistant adds 2 more platforms, etc. More... (0 Replies)
Discussion started by: Linux Bot
0 Replies

4. Shell Programming and Scripting

Shell Scripted Document Management System

Over the past 4 -5 years, I have cobbled together a rudimentary 'Document Management System' for a school district I support using Linux Bash Shell scripts.. The purpose of the scripting was to supplement features of a Job Applicant Center that had very simplistic methods of handle file... (1 Reply)
Discussion started by: rmuledeer
1 Replies

5. Red Hat

Central Configurations Management System for Linux

hi all, i am currently implementating project scope for a future enterprise solution provider in the storage area. I was hoping if anyone could help me to answer questions regarding the Central Configurations Management System in the RedHat or other linux distro. In the Unix env. , most of... (2 Replies)
Discussion started by: furrahs@yahoo.c
2 Replies
Login or Register to Ask a Question

LEARN ABOUT HPUX

pdweb

pdweb(1M)																 pdweb(1M)

NAME

       pdweb - start the HP-UX Peripheral Device tool, part of the System Management Homepage Web interface.

SYNOPSIS

       Path:

DESCRIPTION

       The HP-UX Peripheral Device tool (pdweb) can be used to easily and quickly view I/O devices and OLRAD cards.  It helps manage hot pluggable
       PCI slots on systems that support adding and replacing cards without rebooting.	On all HP-UX systems, will display the I/O devices and can
       be used to (re)create device files for a selected device.

       The  HP-UX  Peripheral  Device  tool  user  interface uses a Web browser.  Executing the command, with DISPLAY variable set and without any
       options performs the following tasks:

	      o  start the System Management Homepage Web server and

	      o  start a Web client (browser)

       An attempt will be made to connect to the browser specified with the BROWSER environment  variable,  or	Mozilla,  or  Netscape.   The  Web
       browser	will  be  displayed  on the X server defined by the DISPLAY environment variable.  If a running browser is found, it will be used,
       otherwise a new session will be initiated.  This will only happen if the browser process is running on the same system used to exectue  the
       pdweb command (defined by the DISPLAY variable), unless the option is used.

   Options
       The recognizes the following options:

       Opens the terminal interface for Cards and Devices regardless of the
		      current setting of the DISPLAY environment variable.

       Forces a client browser to be used in less secure ways.
		      Two security features are overridden by the option.

		      The  option  forces  the	client	browser  to be used or started, even if the X-traffic between the X-server and the Mozilla
		      browser is not secure.

		      When is invoked by the option is used.

		      Only a priviledged user (root) can execute When used with the option, a temporary login bypass key will be  generated.   The
		      bypass key allows the user to access the Web interface without having to provide login information again.

		      Only  use  this option if you are sure the network traffic is secure between the host where Mozilla is running, and the host
		      in the DISPLAY variable.

		      The browser uses URL http://hostname:2301/ and you may paste this into any browser if a browser does  open  with	the  pdweb
		      command.

   Online Help
       Once the HP-UX Peripheral Device tool is started, the online help provides details on how to use the tool.

RETURN VALUES

       Upon completion, returns one of the following values:

       Successful.

       An error occurred.

AUTHORS

       pdweb was developed by Hewlett-Packard

SEE ALSO

       hpsmh(1M), smhstartconfig(1M), olrad(1M), ioscan(1M), insf(1M)

																	 pdweb(1M)