HP Web JetAdmin Directory Traversal Vulnerability
BID:1243
Info
| Bugtraq ID: | 1243 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 24 2000 12:00AM |
| Updated: | May 24 2000 12:00AM |
| Credit: | Discovered by USSR Labs <[email protected]> on May 24, 2000. |
| Vulnerable: | HP JetAdmin 5.6; HP JetAdmin 5.5.177 |
| Not Vulnerable: | |
Discussion
By default, the JetAdmin Web Interface Server listens on port 8000. By requesting a specially formed URL that includes "../", a remote user can gain read access to any files outside of the web-published directory.
Exploit / POC
http://target:8000/cgi/wja?page=/../../../filename
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Upgrade to Version 6.0:
http://www.hp.com/cposupport/swindexes/hpwebjetad1880_swen.html
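Detection example (added here; not part of the original advisory and not HP or SecurityFocus code): a log check for requests to /cgi/wja whose "page" parameter contains a ".." path segment, including percent-encoded and backslash forms, which goes beyond the single literal URL shown above. It assumes access logs in Common Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: Common Log Format, e.g. from a proxy in front of port 8000.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double encoding (%252e) is unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(target):
    """True if a /cgi/wja request has a '..' segment in its 'page' value."""
    parts = urlsplit(target)
    if fully_decode(parts.path).lower() != "/cgi/wja":
        return False
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != "page":
            continue
        # Treat backslashes as separators too, then look for a '..' segment.
        if ".." in fully_decode(value).replace("\\", "/").split("/"):
            return True
    return False

def scan(lines):
    """Return (source, status, target) for each matching log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_traversal(m.group("target")):
            hits.append((m.group("src"), m.group("status"), m.group("target")))
    return hits

# Constructed sample log lines (not from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/May/2000:10:00:01 +0000] "GET /cgi/wja?page=/../../../filename HTTP/1.0" 200 512',
    '192.0.2.12 - - [24/May/2000:10:00:03 +0000] "GET /cgi/wja?page=%252e%252e%255cfilename HTTP/1.0" 200 512',
    '192.0.2.20 - - [24/May/2000:10:00:04 +0000] "GET /cgi/wja?page=/index.html HTTP/1.0" 200 2048',
    '192.0.2.21 - - [24/May/2000:10:00:05 +0000] "GET /cgi/wja?page=/docs/v1..2/notes HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

A hit logged with status 200 deserves attention first, since it suggests the server returned the requested file.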