Vulnerability Release Date:
Vulnerability Update Time:
Vulnerability cause
Design Error
Hazard level
Low
Impact System
XML Security Library 1.x
Unaffected System
Hazards
Remote attackers can exploit this vulnerability to obtain sensitive information or bypass authentication to access restricted resources.
Attack Conditions
Attackers must access HP Operations.
Vulnerability Information
HP Operations is a Distributed Client/Server software product used to manage distributed environments.
HP Operations on Unix platforms has a security vulnerability that allows malicious users to perform cross-site scripting attacks and bypass some security features.
-Some inputs lack filtering before returning users. Attackers can exploit this vulnerability to perform cross-site scripting attacks to obtain sensitive information or hijack target user sessions.
-There is an unknown error that allows attackers to gain unauthorized access to certain resources. Currently, no detailed vulnerability details are provided.
Test Method
Vendor solutions
You can obtain the patch information by referring to the Security announcements provided by the following vendors:
Http://www11.itrc.hp.com/service/cki/docDisplay.do? DocId = emr_na-c02770049
Vulnerability provider
HP
Vulnerability message Link
Http://secunia.com/advisories/43985/
Vulnerability Message Title
HP Operations for UNIX Cross-Site Scripting and Security Bypass