CVE-2010-1586
published 2010-04-28
CVE-2010-1586: Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and…
Priority P4 · 23 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 9.66% · 94.9th percentile
Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | system_management_homepage | — | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 5.8 MEDIUM
GHSA
GHSA-g83g-c7r4-jvj2: Open redirect vulnerability in red2301
ghsa_unreviewed·2022-05-17
CVE-2010-1586 [MEDIUM] CWE-20 GHSA-g83g-c7r4-jvj2: Open redirect vulnerability in red2301
Red Hat
kdenetwork: incomplete fix for CVE-2010-1000
vendor_redhat·2011-04-11·CVSS 5.8
CVE-2011-1586 [MEDIUM] CWE-73 kdenetwork: incomplete fix for CVE-2010-1000
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.
No detection rules found.
Exploit-DB
HP System Management Homepage - 'RedirectUrl' Open Redirection
exploitdb·2010-04-25
CVE-2010-1586 HP System Management Homepage - 'RedirectUrl' Open Redirection
---
source: https://www.securityfocus.com/bid/39676/info
HP System Management Homepage is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input.
A successful exploit may aid in phishing attacks; other attacks are possible.
http://www.example.com/red2301.html?RedirectUrl=evil () attacker com
Nuclei
HP System Management Homepage (SMH) v2.x.x.x - Open Redirect
nuclei·CVSS 4.3
CVE-2010-1586 [MEDIUM] HP System Management Homepage (SMH) v2.x.x.x - Open Redirect
Template:
```yaml
id: CVE-2010-1586
info:
  name: HP System Management Homepage (SMH) v2.x.x.x - Open Redirect
  author: ctflearner
  severity: medium
  description: |
    Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.
  impact: |
    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks or the download of
```
http://www.securityfocus.com/bid/39676
http://yehg.net/lab/pr0js/advisories/hp_system_management_homepage_url_redirection_abuse
https://exchange.xforce.ibmcloud.com/vulnerabilities/58107
Published: 2010-04-28