GEN:SID 1:2549
Message MISC HP Web JetAdmin file write attempt
Summary This event is generated when an attempt is made to exploit a vulnerability
associated with the web interface support for the HP JetAdmin printer.
Impact A successful attack may allow a sensitive system file to be overwritten.
Detailed Information The HP Web JetAdmin provides a web interface for the administration of the HP
Web JetAdmin printer.  A vulnerability is present that allows an existing file
on the server to be overwritten. This problem exists because the script
/plugins/framework/script/tree.xms does not sanitize the value supplied to
the parameter WriteToFile, permitting a directory traversal from the web root
directory to any file. An attacker can supply the data to write to the specified
file.
Affected Systems HP Web JetAdmin 7.2.
Attack Scenarios An attacker can overwrite a sensitive system file using the WriteToFile parameter
and supplying the data to write to the file.
Ease of Attack Simple.
Corrective Action Upgrade to the latest non-affected version of the software or apply the appropriate patch
when it becomes available.
Additional References  
Rule References bugtraq: 9973