Vulnerabilities > CVE-2006-1774 - Security Bypass vulnerability in HP Compaqhttpserver and System Management Homepage

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

NVD

Published: 2006-04-13

Updated: 2018-10-18

Summary

HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when "Trust by Certificates" is not enabled, allows remote attackers to bypass authentication via a crafted URL. The only way to prevent this is to set the Trust level to "Trust by Certificates"

Vulnerable Configurations

Part	Description	Count
Application	Hp HP Compaqhttpserver 9.9 HP System Management Homepage 2.1.3.132	2

References

http://securitytracker.com/id?1015901
http://src.telindus.com/articles/hpsm_vulnerability.html
http://www.securityfocus.com/archive/1/430688/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/25761