GEN:SID 1:2655
Message MISC HP Web JetAdmin ExecuteFile admin access
Summary This event is generated when an attempt is made to exploit a vulnerability
associated with an HP Web JetAdmin web server.
Impact A successful attack may allow the execution of arbitrary code as root on UNIX
and SYSTEM on Windows on a vulnerable server.
Detailed Information The HP Web JetAdmin application allows users to manage HP JetDirect-connected
printers within their intranet using a browser. The httpd core supports an
exported function called ExecuteFile. A vulnerability exists that allows the
uploading and execution of unauthorized files by posting a malicious HTTP
request with the script /plugins/framework/script/content.hts in conjunction
with the ExecuteFile function to the web server. Discovery of the vulnerability is
credited to FX of Phenoelit.
Affected Systems HP Web JetAdmin 6.5.
Attack Scenarios An attacker can create, upload and execute a malicious file on a vulnerable server.
Ease of Attack Simple.
Corrective Action Upgrade to the latest non-affected version of the software.
Additional References Phenoelit:
http://www.phenoelit.de/stuff/HP_Web_Jetadmin_advisory.txt

Hewlett-Packard:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBPI01026
Rule References bugtraq: 10224
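
The condition described under Detailed Information (a POST to /plugins/framework/script/content.hts that names ExecuteFile) can also be checked against captured requests or proxy logs. The following is an added example, not the Snort rule itself or code from the advisory. The sample requests, the host name and the `placeholder=` bodies are constructed, and the case folding, percent-decoding and slash collapsing are assumptions made so that encoded variants still match.

```python
from urllib.parse import unquote

SCRIPT_PATH = "/plugins/framework/script/content.hts"  # script named in the rule text
FUNCTION = "executefile"  # exported function named in the rule text, lowercased

def normalize(text):
    """Percent-decode (bounded, to catch double encoding) and lowercase."""
    for _ in range(3):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text.lower()

def is_suspicious(raw):
    """True for a POST to the script whose query or body names ExecuteFile."""
    head, _, body = raw.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ")
    if len(parts) != 3:
        return False  # malformed request line
    method, target, _version = parts
    path, _, query = target.partition("?")
    path = normalize(path).replace("\\", "/")
    while "//" in path:  # collapse duplicate slashes (assumed server behaviour)
        path = path.replace("//", "/")
    if method.upper() != "POST" or path != SCRIPT_PATH:
        return False
    return FUNCTION in normalize(query) or FUNCTION in normalize(body)

def scan(requests):
    """Return the indexes of the requests that match."""
    return [i for i, raw in enumerate(requests) if is_suspicious(raw)]

# Constructed sample requests; bodies are placeholders, not the real request format.
HDR = "HTTP/1.0\r\nHost: printsrv.example\r\n\r\n"
SAMPLES = [
    "POST /plugins/framework/script/content.hts " + HDR + "placeholder=ExecuteFile",
    "POST /PLUGINS//framework/script/content%2Ehts " + HDR + "placeholder=Execute%46ile",
    "GET /plugins/framework/script/content.hts " + HDR,
    "POST /plugins/framework/script/content.hts " + HDR + "placeholder=other",
    "POST /index.html " + HDR + "placeholder=ExecuteFile",
]

if __name__ == "__main__":
    print(scan(SAMPLES))
```

Only the first two samples are flagged; a GET to the script, a POST that does not name the function, and a POST to another path are left alone.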