Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2549 |
Message | MISC HP Web JetAdmin file write attempt |
Summary | This event is generated when an attempt is made to exploit a vulnerability associated with the web interface support for the HP JetAdmin printer. |
Impact | A successful attack may allow a sensitive system file to be overwritten. |
Detailed Information | HP Web JetAdmin provides a web interface for the administration of the HP Web JetAdmin printer. A vulnerability is present that allows an existing file on the server to be overwritten. The problem exists because the script /plugins/framework/script/tree.xms does not sanitize the value supplied to the WriteToFile parameter, which permits directory traversal from the web root directory to any file. The attacker also supplies the data that is written to the specified file. |
Affected Systems | HP Web JetAdmin 7.2. |
Attack Scenarios | An attacker can overwrite a sensitive system file using the WriteToFile parameter and supplying the data to write to the file. |
Ease of Attack | Simple. |
Corrective Action | Upgrade to the latest non-affected version of the software or apply the appropriate patch when it becomes available. |
Additional References | |
Rule References | bugtraq: 9973 |
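
A log-triage sketch for the condition described under Detailed Information, added here as an example; it is not the Snort rule and not Aanval or HP code. It assumes the WriteToFile parameter shows up in the query string of a combined-format access log (a parameter sent in a POST body would not be logged), and the log lines and the `classify`/`scan` names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

SCRIPT = "/plugins/framework/script/tree.xms"  # script named in this entry
PARAM = "writetofile"                          # parameter named in this entry, lowercased
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def _decode(value, rounds=3):
    """Percent-decode repeatedly so double encoding (%252e%252e) is unmasked."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return 'traversal', 'write' or None for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    path = _decode(parts.path).replace("\\", "/").lower()
    if not path.endswith(SCRIPT):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != PARAM:
            continue
        # Treat both slash styles as separators before looking for ".." segments.
        segments = _decode(value).replace("\\", "/").split("/")
        return "traversal" if ".." in segments else "write"
    return None

def scan(lines):
    """Return (line_number, verdict) for every line that touches WriteToFile."""
    hits = ((n, classify(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in hits if v]

# Constructed sample log lines (documentation addresses, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2004:00:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.10 - - [01/Jan/2004:00:00:02 +0000] "GET /plugins/framework/script/tree.xms?a=1 HTTP/1.0" 200 90',
    '192.0.2.77 - - [01/Jan/2004:00:00:03 +0000] "GET /plugins/framework/script/tree.xms?WriteToFile=report.txt HTTP/1.0" 200 90',
    '192.0.2.77 - - [01/Jan/2004:00:00:04 +0000] "GET /plugins/framework/script/tree.xms?WriteToFile=..%2f..%2fconstructed.txt HTTP/1.0" 200 90',
    '192.0.2.77 - - [01/Jan/2004:00:00:05 +0000] "GET /plugins/framework/script/tree.xms?writetofile=%252e%252e%5cconstructed.txt HTTP/1.0" 200 90',
]

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE_LOG):
        print(lineno, verdict)
```

A `write` verdict marks any use of the parameter for review; `traversal` marks values that leave the web root after decoding.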
--
DID:776976