HP Web Jetadmin framework.ini Path Disclosure

2004-05-04T06:52:41
ID OSVDB:5791
Type osvdb
Reporter FX(fx@phenoelit.de)
Modified 2004-05-04T06:52:41

Description

Vulnerability Description

HP Jetadmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when any page is generated by the .HTS scripts, which will disclose the location of the file framework.ini, resulting in a loss of confidentiality.

Solution Description

Upgrade to version 7.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

HP Jetadmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when any page is generated by the .HTS scripts, which will disclose the location of the file framework.ini, resulting in a loss of confidentiality.

Manual Testing Notes

Example: <!-- framework.ini F:\Program Files\HP Web JetAdmin\doc\plugins\framework\framework.ini -->

References:

Vendor Specific Advisory URL Secunia Advisory ID:11536 Related OSVDB ID: 5793 Related OSVDB ID: 5798 Related OSVDB ID: 5792 Related OSVDB ID: 5794 Related OSVDB ID: 5796 Related OSVDB ID: 5790 Related OSVDB ID: 5795 Related OSVDB ID: 5797 Other Advisory URL: http://www.phenoelit.de/stuff/HP_Web_Jetadmin_advisory.txt CERT VU: 606673 Bugtraq ID: 10224