HP Web JetAdmin wja Arbitrary File Access

2000-05-24T00:00:00
ID OSVDB:1350
Type osvdb
Reporter Ussr Labs(labs@ussrback.com)
Modified 2000-05-24T00:00:00

Description

Vulnerability Description

HP JetAdmin contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the "wja" CGI script not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the "page" variable.
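The flaw above is the classic shape of a path traversal: a query value is joined onto a document root without confining the result. The following Python is an added example written for this entry, not HP's wja code; the document root (WEB_ROOT), the function names and the sample request lines are all constructed here. It shows the containment check a CGI handler should perform on the "page" value (decoding, separator handling, normalisation, then a root-prefix test) and reuses that check to flag traversal attempts in request logs.

```python
import posixpath
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed document root for the example; the real wja root is not given on the page.
WEB_ROOT = "/opt/hpwebjetadmin/doc"


def resolve_page(page: str, web_root: str = WEB_ROOT) -> Optional[str]:
    """Map a 'page' query value to a file under web_root, or None if it would escape.

    Order of operations matters:
      1. percent-decode twice so %2e%2e and %252e%252e both become '..'
      2. treat backslashes as separators (the advisory's target is Windows)
      3. drop leading slashes so the value can never be used as an absolute path
      4. normalise with posixpath so embedded 'a/../b' collapses to 'b'
      5. refuse anything that still begins with '..', then confirm the joined
         path is a strict child of web_root
    """
    decoded = unquote(unquote(page)).replace("\\", "/")
    if "\x00" in decoded:          # NUL would truncate the path in a C runtime
        return None
    relative = decoded.lstrip("/")
    if not relative:
        return None
    norm = posixpath.normpath(relative)
    if norm == "." or norm == ".." or norm.startswith("../"):
        return None
    candidate = posixpath.join(web_root, norm)
    root_prefix = web_root.rstrip("/") + "/"
    if not candidate.startswith(root_prefix):   # belt-and-braces containment check
        return None
    return candidate


def page_param_from_request_line(line: str) -> str:
    """Extract the 'page' query value from an 'METHOD /path?query HTTP/x' log line."""
    parts = line.split()
    if len(parts) < 2:
        return ""
    query = urlsplit(parts[1]).query
    return parse_qs(query, keep_blank_values=True).get("page", [""])[0]


def suspicious_requests(lines: List[str]) -> List[str]:
    """Return the request lines whose 'page' value would be rejected by resolve_page."""
    return [ln for ln in lines if "page=" in ln and resolve_page(page_param_from_request_line(ln)) is None]


# Constructed sample log lines: one legitimate request, two traversal attempts
# (plain and percent-encoded) using the path shape quoted in this advisory.
SAMPLE_LOG = [
    "GET /cgi/wja?page=index.html HTTP/1.0",
    "GET /cgi/wja?page=/../../../WINNT/repair/sam._ HTTP/1.0",
    "GET /cgi/wja?page=%2e%2e%2f%2e%2e%2fWINNT%2frepair%2fsam._ HTTP/1.0",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        verdict = resolve_page(page_param_from_request_line(line))
        print(f"{'REJECT' if verdict is None else 'SERVE '} {line} -> {verdict}")
```

The normalisation step is done on a relative path and only then joined to the root; doing the join first and normalising afterwards is exactly the pattern that lets `/../../../WINNT/...` climb out of the document tree.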

Solution Description

Upgrade to version 6.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

HP JetAdmin contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the "wja" CGI script not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the "page" variable.

Manual Testing Notes

http://[victim]:8000/cgi/wja?page=/../../../WINNT/repair/sam._

References:

Vendor URL: http://www.hp.com/
Other Advisory URL: http://www.ussrback.com/labs41.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html
Keyword: Directory Traversal
ISS X-Force ID: 4525
CVE-2000-0443
Bugtraq ID: 1243