nuclei-templates/http/cves/2010/CVE-2010-1586.yaml

41 lines
1.5 KiB
YAML
Raw Normal View History

id: CVE-2010-1586
2023-06-12 10:52:36 +00:00
info:
name: HP System Management Homepage (SMH) v2.x.x.x - Open Redirect
author: ctflearner
severity: medium
2023-06-12 10:52:36 +00:00
description: |
Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.
2023-09-06 13:22:34 +00:00
remediation: |
Apply the latest patches or updates provided by HP to fix the open redirect vulnerability.
reference:
2023-06-12 10:52:36 +00:00
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1586
- https://yehg.net/lab/pr0js/advisories/hp_system_management_homepage_url_redirection_abuse
2023-07-11 19:49:27 +00:00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58107
classification:
2023-07-11 19:49:27 +00:00
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2010-1586
cwe-id: CWE-20
2023-10-14 11:27:55 +00:00
epss-score: 0.00917
epss-percentile: 0.81073
2023-09-06 13:22:34 +00:00
cpe: cpe:2.3:a:hp:system_management_homepage:2.0.0:*:*:*:*:*:*:*
metadata:
max-request: 1
2023-07-11 19:49:27 +00:00
vendor: hp
product: system_management_homepage
2023-06-12 10:52:36 +00:00
tags: cve,cve2010,redirect,smh,hp
http:
- method: GET
path:
2023-06-12 10:52:36 +00:00
- "{{BaseURL}}/red2301.html?RedirectUrl=http://interact.sh"
matchers:
- type: regex
part: header
regex:
2023-06-12 10:52:36 +00:00
- '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
# digest: 4b0a00483046022100a97711b3481750e13c71eb0620341b8bac4b26aecc5b6ad574ebfa0a198e92c3022100e39a329974368bd3dea76349d0bd76c010867d708c3e03dd744b4baa6955e52c:922c64590222798bb761d5b6d8e72950