Juniper Networks

Signature Detail

  • Short Name: DOS:NETDEV:WEBJET-TRAVERSAL
  • Severity: High
  • Recommended: No
  • Recommended Action: Drop
  • Category: DOS
  • Release Date: 2004/05/05
  • Update Number: 1213
  • Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+

App: HP Web JetAdmin Traversal


This signature detects attempts to exploit a known vulnerability in the HP Web JetAdmin service. HP Web JetAdmin version 7.5.2546 and earlier are vulnerable. Because JetAdmin does not properly validate input to the setinclude parameter in /plugins/hpjdwm/script/test/setinfo.hts, attackers can use directory traversal to read and execute arbitrary HTS files.

Extended Description

It has been reported that HP Web JetAdmin may be prone to a directory traversal vulnerability that allows remote attackers to access information outside the server root directory. The problem exists due to insufficient sanitization of user-supplied data passed via the 'setinclude' parameter of the 'setinfo.hts' script. This vulnerability can be combined with the HP Web Jetadmin Firmware Update Script Arbitrary File Upload Weakness (BID 9971) to upload malicious files to a vulnerable server in order to gain unauthorized access to a host. This issue has been tested with an authenticated account on HP Web Jetadmin version 7.5.2546 running on a Windows platform.

Affected Products

  • HP Web Jetadmin 7.5.2456

References

  • BugTraq: 9972
  • CVE: CVE-2000-0443
  • URL: http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBPI01007
  • URL: http://www.securityspace.com/smysecure/catid.html?viewsrc=1&id=12120
  • URL: http://secunia.com/advisories/11213/

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.