 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.12120 |
| Categoría: | Web Servers |
| Título: | HP Jet Admin 7.x Directory Traversal |
| Resumen: | The remote HP Web JetAdmin suffers from a number of vulnerabilities. The; current running version is vulnerable to a directory traversal attack via the setinfo.hts script. |
| Descripción: | Summary: The remote HP Web JetAdmin suffers from a number of vulnerabilities. The current running version is vulnerable to a directory traversal attack via the setinfo.hts script. Vulnerability Impact: A remote attacker can access files by requesting the following string: /plugins/hpjdwm/script/test/setinfo.hts?setinclude=../../../../../hptrace.ini Solution: To set a password for the HP Web Jet Admin service follow these steps: 1. In the navigation menu select General Settings, and expand the tree. 2. Expand Profiles Administration 3. Select Add/Remove Profiles 4. In the User Profiles page, if a password has not been set, select the 'Note: To enable security features, an Admin password must be set.' link. 5. Set an administrator password. It is strongly recommended that access be restricted by IP Addresses: 1. Expand the General Settings tree. 2. Select the HTTP (Web) branch. 3. Under the 'Allow HP Web Jetadmin Access' add your administration IP host or range. HP Also recommends removing all files that are included in the test directory. On a default installation this would be in the directory C:\Program Files\HP Web Jetadmin\doc\plugins\hpjdwm\script\ CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-1857 BugTraq ID: 9972 http://www.securityfocus.com/bid/9972 Bugtraq: 20040324 HP Web JetAdmin vulnerabilities. (Google Search) http://marc.info/?l=bugtraq&m=108016019623003&w=2 HPdes Security Advisory: SSRT4700 http://www.securityfocus.com/advisories/6492 XForce ISS Database: hp-jetadmin-setinfo-directory-traversal(15606) https://exchange.xforce.ibmcloud.com/vulnerabilities/15606 |
| Copyright | Copyright (C) 2004 wirepair |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |