Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2655 |
Message | MISC HP Web JetAdmin ExecuteFile admin access |
Summary | This event is generated when an attempt is made to exploit a vulnerability associated with an HP WebJetAdmin web server. |
Impact | A successful attack may allow the execution of arbitrary code as root on UNIX and SYSTEM on Windows on a vulnerable server. |
Detailed Information | The HP Web JetAdmin application allows users to manage HP JetDirect-connected printers within their intranet using a browser. The httpd core supports an exported function called ExecuteFile. A vulnerability exists that allows the uploading and execution of unauthorized files by posting a malicious http request with the script /plugins/framework/script/content.hts in conjunction with ExecuteFile function to the web server. Discovery of the vulnerability is credited to FX of Phenoelit. |
Affected Systems | HP Web JetAdmin 6.5. |
Attack Scenarios | An attacker can create upload and execute a malicious file on a vulnerable server. |
Ease of Attack | Simple. |
Corrective Action | Upgrade to the latest non-affected version of the software. |
Additional References | Phenoelit: http://www.phenoelit.de/stuff/HP_Web_Jetadmin_advisory.txt> Hewlett-Packard: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBPI01026 |
Rule References | bugtraq: 10224 |
--
DID:681135
--
http://www.aanval.com/