CVE-2012-2014 — Improper Validation of Certificate with Host Mismatch in HP System Management Homepage

CWE-297 — Improper Validation of Certificate with Host Mismatch23 documents12 sources

Severity

9.0CRITICALNVD

EPSS

0.3%

top 51.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP System Management Homepage

Timeline

PublishedJun 29

Latest updateMay 13

Description

HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

▶NVDhp/system_management_homepage7.1.0-16+70

Patches

Patch: h20000.www2.hp.com ↗Patch: h20000.www2.hp.com ↗

🔴Vulnerability Details

GHSA

GHSA-6j29-ph9w-5qxr: HP System Management Homepage (SMH) before 7↗2022-05-13

▶

CVEList

CVE-2012-2014: HP System Management Homepage (SMH) before 7↗2012-06-29

▶

💥Exploits & PoCs

Exploit-DB

BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting↗2019-08-12

▶

Exploit-DB

Microsoft Windows - OLE Package Manager Code Execution (MS14-064) (Metasploit)↗2014-11-14

▶

Exploit-DB

ACME micro_httpd - Denial of Service↗2014-07-18

▶

📋Vendor Advisories

Juniper

CVE-2014-3411: Unspecified vulnerability in the NSM XDB service in Juniper NSM before 2012.2R8 allows remote attackers to execute arbitrary code via unspecified vect↗2014-05-19

▶

💬Community

Bugzilla

CVE-2012-6703 kernel: Integer overflow in compress_core↗2016-06-29

▶

Bugzilla

CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix↗2014-08-12

▶

Bugzilla

CVE-2013-6483 CVE-2013-6482 CVE-2013-6481 CVE-2013-6487 CVE-2013-6485 CVE-2013-6484 CVE-2013-6489 CVE-2014-0020 CVE-2013-6477 CVE-2012-6152 CVE-2013-6478 CVE-2013-6479 CVE-2013-6490 pidgin: various fl↗2014-01-29

▶