HP's "System Management Homepage" web interface vulnerable
Hewlett Packard's "System Management Homepage", a web management interface for ProLiant and Integrity servers, contains a critical security hole that enables remote authenticated attackers to inject commands into systems via specially crafted HTTP requests.
The server that provides the web interface inserts a portion of the requested address into an
exec() command without checking it first. A sample request could look like this:
https://<host>:2381/smhutil/snmpchp.php.en/&&<cmd>&&echo (full file name)
HP was notified of the vulnerability on 19 April. However, Daimler TSS Offensive Security team member Markus Wulftange, who discovered the vulnerability, explained that the hole isn't easy to exploit because the "<", ">", "|" and "/" characters are not permitted. Until the hole is closed, these web interfaces should not be made accessible via the internet.
Markus Wulftange has previously reported security holes in HP's Insight Diagnostics server management tool.