HP Managed Printing Administration jobDelivery Script Directory Traversal (intrusive check)

medium Nessus Plugin ID 57701

Synopsis

The remote web server hosts a web application that is affected by a directory traversal vulnerability.

Description

The HP Managed Printing Administration install on the remote web server is affected by a directory traversal vulnerability in the 'Default.asp' script. A remote, unauthenticated attacker, exploiting this flaw, could create arbitrary files on the remote host.

Note that the HP Managed Printing Administration install is likely affected by multiple other flaws, though Nessus has not tested for these.

Solution

Upgrade to HP Managed Printing Administration version 2.6.4 or later.

See Also

http://www.nessus.org/u?ad1b5d3c

https://www.zerodayinitiative.com/advisories/ZDI-11-354/

Plugin Details

Severity: Medium

ID: 57701

File Name: hp_managed_printing_administration_dir_traversal.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 1/26/2012

Updated: 1/19/2021

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:managed_printing_administration

Required KB Items: www/hp_managed_printing_administration

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/21/2011

Vulnerability Publication Date: 12/21/2011

Exploitable With

Metasploit (HP Managed Printing Administration jobAcct Remote Command Execution)

ExploitHub (EH-11-262)

Reference Information

CVE: CVE-2011-4168

BID: 51174