HP Web JetAdmin setinfo.hts setinclude Parameter Traversal Arbitrary File Access

low Nessus Plugin ID 12120

Language:

Synopsis

The remote host is running a web-based application that is affected by multiple vulnerabilities.

Description

The remote HP Web JetAdmin suffers from a number of vulnerabilities.
The current running version is vulnerable to a directory traversal attack via the setinfo.hts script. A remote attacker could exploit this flaw to access arbitrary files on the host.

Solution

To set a password for the HP Web Jet Admin service follow these steps:
1. In the navigation menu select General Settings, and expand the tree.
2. Expand Profiles Administration 3. Select Add/Remove Profiles 4. In the User Profiles page, if a password has not been set, select the 'Note: To enable security features, an Admin password must be set.' link.
5. Set an administrator password.

It is strongly recommended that access be restricted by IP Addresses:
1. Expand the General Settings tree.
2. Select the HTTP (Web) branch.
3. Under the 'Allow HP Web Jetadmin Access' add your administration IP host or range. HP Also recommends removing all files that are included in the test directory. On a default installation this would be in the directory :
C:\Program Files\HP Web Jetadmin\doc\plugins\hpjdwm\script\

Note that HP released Web Jetadmin version 7.6 on or about September 13, 2004. That version, as well as succeeding versions are not affected by this issue.

See Also

http://www.nessus.org/u?3ebb74e1

Plugin Details

Severity: Low

ID: 12120

File Name: hp_jadm_vuln.nasl

Version: 1.25

Type: remote

Family: CGI abuses

Published: 3/30/2004

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 2

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:hp:web_jetadmin

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 9/13/2004

Vulnerability Publication Date: 3/25/2004

Reference Information

CVE: CVE-2004-1857

BID: 9973