Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

HP Jet Admin 7.x Traversal Arbitrary Command Execution

Low

Synopsis

The remote host is vulnerable to a directory traversal flaw

Description

The remote host is an HP Web JetAdmin server. 7.X versions of this server are vulnerable to a directory traversal attack which can reveal the contents of arbitrary files, or be used to execute arbitrary commands.

Solution

Set a password for the JetAdmin and ensure that you are running the latest version of the Webserver software. In addition, the device supports IP-based Access Control Lists (ACLs) which can be used to restrict access to only valid administrators.