CVE-2010-3011

HP System Management Homepage < 6.1 - CRLF Injection via HTTP Header

Title source: manual
STIX 2.1

Description

CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41490
Various Sources vendor-advisory x_refsource_hp
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41480

Scores

EPSS 0.0053
EPSS Percentile 67.4%

Details

CWE
CWE-20
Status published
Products (47)
hp/system_management_homepage 2.0.0
hp/system_management_homepage 2.0.1
hp/system_management_homepage 2.0.1.104
hp/system_management_homepage 2.0.2
hp/system_management_homepage 2.0.2.106
hp/system_management_homepage 2.1
hp/system_management_homepage 2.1.0-103
hp/system_management_homepage 2.1.0-103\(a\)
hp/system_management_homepage 2.1.0-109
hp/system_management_homepage 2.1.0-118
... and 37 more
Published Sep 17, 2010
Tracked Since Feb 18, 2026