HP Managed Printing Administration < 2.6.4 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 6113
Synopsis
The remote web server is hosting an application that is vulnerable to multiple attack vectors.
Description
The remote web server is hosting HP Managed Printing Administration, a printer management application.
Versions of HP Managed Printing Administration earlier than 2.6.4 are potentially affected by multiple vulnerabilities:
- Null injection and directory traversal can be used in the form data passed to MPAUploader.Uploader.1.UploadFiles() to remotely create arbitrary files. (CVE-2011-4166)
- An extended-length string can be passed into scripts within the management website and ultimately to MPAUploader.dll, which could be exploited to execute arbitrary code. (CVE-2011-4167)
- Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files. (CVE-2011-4168)
Solution
Upgrade to HP Managed Printing Administration 2.6.4 or later.