GEN:SID | 1:2655 |
Message | MISC HP Web JetAdmin ExecuteFile admin access |
Summary | This event is generated when an attempt is made to exploit a vulnerability associated with an HP WebJetAdmin web server.
|
Impact | A successful attack may allow the execution of arbitrary code as root on UNIX and SYSTEM on Windows on a vulnerable server.
|
Detailed Information | The HP Web JetAdmin application allows users to manage HP JetDirect-connected printers within their intranet using a browser. The httpd core supports an exported function called ExecuteFile. A vulnerability exists that allows the uploading and execution of unauthorized files by posting a malicious http request with the script /plugins/framework/script/content.hts in conjunction with ExecuteFile function to the web server. Discovery of the vulnerability is credited to FX of Phenoelit.
|
Affected Systems | HP Web JetAdmin 6.5.
|
Attack Scenarios | An attacker can create upload and execute a malicious file on a vulnerable server.
|
Ease of Attack | Simple.
|
Corrective Action | Upgrade to the latest non-affected version of the software.
|
Additional References | Phenoelit: http://www.phenoelit.de/stuff/HP_Web_Jetadmin_advisory.txt>
Hewlett-Packard: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBPI01026
|
Rule References | bugtraq: 10224
|