HP Managed Printing Administration < 2.6.4 Multiple Vulnerabilities

2011-12-2700:00:00

Tenable

www.tenable.com

JSON

The remote web server is hosting HP Managed Printing Administration, a printer management application.

Versions of HP Managed Printing Administration earlier than 2.6.4 are potentially affected by multiple vulnerabilities :

Null injection and directory traversal can be used in the form data passed to MPAUploader.Uploader.1.UploadFiles() to remotely create arbitrary files. (CVE-2011-4166)

An extended length string can be passed into scripts within the management website and ultimately to MPAUploader.dll which could be exploited to execute arbitrary code. (CVE-2011-4167)
Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remote create arbitrary files. (CVE-2011-4168)

Binary data 6113.prm

VendorProductVersionCPE
hpmanaged_printing_administrationcpe:/a:hp:managed_printing_administration

Vendor	Product	Version	CPE
hp	managed_printing_administration		cpe:/a:hp:managed_printing_administration

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4166

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4167

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4168

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4169

www.zerodayinitiative.com/advisories/ZDI-11-352

www.zerodayinitiative.com/advisories/ZDI-11-353

www.zerodayinitiative.com/advisories/ZDI-11-354

JSON

Related for 6113.PRM