GEN:SID 1:2548
Message MISC HP Web JetAdmin setinfo access
Summary This event is generated when an attempt is made to exploit a vulnerability
associated with the web interface support for the HP JetAdmin printer.
Impact A successful attack may allow unauthorized files to be read or the injection
of a .hts script on a vulnerable server.
Detailed Information The HP Web JetAdmin provides a web interface for the administration of the HP
Web JetAdmin printer.  A vulnerability exists that allows unauthorized
files to be read or a .hts script to be executed.  This is caused when the
/plugins/hpjdwm/script/test/setinfo.hts script is supplied a value to the
setinclude parameter that represents an unauthorized file to be read outside
the web root or represents a .hts file that will be executed with system
privileges on the vulnerable server.
Affected Systems HP Web JetAdmin 7.2.
Attack Scenarios An attacker can execute the vulnerable script and supply a value to setinclude
indicating an unauthorized file to be read or an .hts file to be executed.
Ease of Attack Simple.
Corrective Action Upgrade to the latest non-affected version of the software or apply the appropriate patch
when it becomes available.
Additional References  
Rule References bugtraq: 9972