2023-06-11 05:56:26 +00:00
id : CVE-2010-1586
2023-06-12 10:52:36 +00:00
2023-06-11 05:56:26 +00:00
info :
name : HP System Management Homepage (SMH) v2.x.x.x - Open Redirect
author : ctflearner
severity : medium
2023-06-12 10:52:36 +00:00
description : |
Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.
2023-09-06 13:22:34 +00:00
remediation : |
Apply the latest patches or updates provided by HP to fix the open redirect vulnerability.
2023-06-11 05:56:26 +00:00
reference :
2023-06-12 10:52:36 +00:00
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1586
2023-06-11 05:56:26 +00:00
- https://yehg.net/lab/pr0js/advisories/hp_system_management_homepage_url_redirection_abuse
2023-07-11 19:49:27 +00:00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58107
2023-06-11 05:56:26 +00:00
classification :
2023-07-11 19:49:27 +00:00
cvss-metrics : CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
2023-06-11 05:56:26 +00:00
cvss-score : 4.3
cve-id : CVE-2010-1586
cwe-id : CWE-20
2023-08-31 11:46:18 +00:00
epss-score : 0.00846
epss-percentile : 0.80024
2023-09-06 13:22:34 +00:00
cpe : cpe:2.3:a:hp:system_management_homepage:2.0.0:*:*:*:*:*:*:*
2023-06-11 05:56:26 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : hp
product : system_management_homepage
2023-06-12 10:52:36 +00:00
tags : cve,cve2010,redirect,smh,hp
2023-06-11 05:56:26 +00:00
http :
- method : GET
path :
2023-06-12 10:52:36 +00:00
- "{{BaseURL}}/red2301.html?RedirectUrl=http://interact.sh"
2023-06-11 05:56:26 +00:00
matchers :
- type : regex
part : header
regex :
2023-06-12 10:52:36 +00:00
- '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
