The remote web server is hosting HP Managed Printing Administration, a printer management application.
Versions of HP Managed Printing Administration earlier than 2.6.4 are potentially affected by multiple vulnerabilities :
Null injection and directory traversal can be used in the form data passed to MPAUploader.Uploader.1.UploadFiles() to remotely create arbitrary files. (CVE-2011-4166)
An extended length string can be passed into scripts within the management website and ultimately to MPAUploader.dll which could be exploited to execute arbitrary code. (CVE-2011-4167)
Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remote create arbitrary files. (CVE-2011-4168)
Binary data 6113.prm
Vendor | Product | Version | CPE |
---|---|---|---|
hp | managed_printing_administration | cpe:/a:hp:managed_printing_administration |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4167
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4168
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4169
www.zerodayinitiative.com/advisories/ZDI-11-352
www.zerodayinitiative.com/advisories/ZDI-11-353
www.zerodayinitiative.com/advisories/ZDI-11-354