CVE-2011-1538
Description
Open redirect vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote authenticated users to redirect other users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
HP Proliant Support Pack (PSP) before 8.7 contains an open redirect vulnerability via unspecified vectors, allowing authenticated remote users to redirect other users to arbitrary websites for phishing.
Vulnerability
An open redirect vulnerability exists in HP Proliant Support Pack (PSP) versions 8.6 and earlier, affecting both Linux and Windows installations [1][2]. The vulnerability is triggered via unspecified vectors, and the attacker must be a remote authenticated user [1]. The underlying component where the redirect logic resides is not explicitly disclosed in the available references.
Exploitation
An attacker must have valid credentials to the PSP interface to exploit this vulnerability [1]. The attacker can craft a request that causes the application to redirect another user (the victim) to an arbitrary external website. Neither the exact sequence of steps nor the input parameters are detailed in public references.
Impact
Successful exploitation allows an authenticated attacker to redirect other users to arbitrary websites, enabling phishing attacks [1]. The CVSS v2 base score is 7.0 (AV:N/AC:M/Au:S/C:P/I:C/A:N), indicating partial confidentiality impact (since the redirect could leak information) and complete integrity impact (the redirect destination is fully controlled by the attacker) [1][2]. The attacker's privilege level is limited to an authenticated user, but the impact on the victim is complete trust compromise of the PSP session.
Mitigation
HP released PSP version 8.7 to address this vulnerability [1][2]. Users should upgrade to PSP 8.7 or later. The fix is available from HP's support website [1][2]. No workaround is documented for versions 8.6 and earlier.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:hp:proliant_support_pack:*:*:*:*:*:*:*:* (range: <=8.6)
- cpe:2.3:a:hp:proliant_support_pack:8.5:*:*:*:*:*:*:*
- (no CPE) (range: <8.7)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- marc.info (nvd, Vendor Advisory)
- secunia.com/advisories/44234 (nvd)
- securityreason.com/securityalert/8236 (nvd)
- www.securitytracker.com/id (nvd)
News mentions
No linked articles in our index yet.