Release date:
Updated on:
Affected Systems:
HP SNMP Agent 8.7
HP SNMP Agent 8.0
Unaffected Systems:
HP SNMP Agent 9.0
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 53338
CVE ID: CVE-2012-2001
HP SNMP Agents is a series of SNMP-based agents and tools.
Two security vulnerabilities exist in the implementation of HP SNMP Agents. Successful exploitation can lead to spoofing and cross-site scripting attacks.
1) Certain input is returned to the user without validation, which allows arbitrary HTML and script code to execute in a user's browser in the context of the affected site.
2) Certain input is not validated before it is used to redirect the user, so a user can be redirected to an arbitrary site.
<* Source: HP
Link: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?ObjectID=c03301854
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
HP
--
HP has released a security bulletin (HPSBMU02771) and a corresponding patch for these issues:
HPSBMU02771: HPSBMU02771 SSRT100558 rev.1 - HP SNMP Agents for Linux, Remote Cross Site Scripting (XSS), URL Redirection
Link: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?ObjectID=c03301854