Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

HP Managed Printing Administration < 2.6.4 Multiple Vulnerabilities

High

Synopsis

The remote web server is hosting an application that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting HP Managed Printing Administration, a printer management application.

Versions of HP Managed Printing Administration earlier than 2.6.4 are potentially affected by multiple vulnerabilities :

Null injection and directory traversal can be used in the form data passed to MPAUploader.Uploader.1.UploadFiles() to remotely create arbitrary files. (CVE-2011-4166)

- An extended length string can be passed into scripts within the management website and ultimately to MPAUploader.dll which could be exploited to execute arbitrary code. (CVE-2011-4167)

- Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remote create arbitrary files. (CVE-2011-4168)

Solution

Upgrade to HP Managed Printing Administration 2.6.4 or later.