CVE-2011-0277

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2011-0277 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Sow Ching Shiong.
The original article can be found at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2011-0277

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* HP Power Manager all versions on Linux
* HP Power Manager all versions on Windows

HP Power Manager (HPPM) Constains a potential security vulnerability running on Linux and Windows. The vulnerability could result in a cross site request forgery (CSRF) leading to unauthorized administrative access

Workaround:
HP recommends the following:

Open a browser instance, log on to HPPM, perform needed task, and log off from HPPM
Do not visit untrusted web sites while logged on to HPPM
Use a firewall to limit access to HPPM
In addition accessing HPPM using HTTPS is recommended.

CVE Information:
CVE-2011-0277

Disclosure Timeline:
Release Date: 2011-02-07
Last Updated: 2011-02-07

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus