|
HP Web Jetadmin Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA11536
|
|
|
Release Date:
|
2004-05-04
|
|
Popularity:
|
7,306 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
Exposure of system information
Exposure of sensitive information
DoS
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | HP Web Jetadmin 6.x
HP Web Jetadmin 7.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
FX has reported multiple vulnerabilities in HP Web Jetadmin, where the most serious issues can be combined to compromise a vulnerable system.
1) The content of scripts can be disclosed by appending a dot (".") at the end of a requested URL.
2) The location of the file "framework.ini", which contains various critical entries (encrypted passwords, user permissions etc.), can be disclosed by viewing the source of certain HTML files. The problem is that HTML files generated by a ".HTS" script will include this information in a HTML comment line.
3) The "framework.ini" file is by default located inside the web server's root directory.
Example:
http://[victim]:8000/plugins/framework/framework.ini
4) The encryption scheme employed by the application to encrypt various account information is reportedly weak and can be easily reversed. Some of this information can e.g. then be used in replay attacks.
5) An error when handling encrypted strings can be exploited to make the application enter an infinite loop by passing a value of 0xFFFF as the length of the encrypted data. Successful exploitation freezes the service.
6) The user authentication can be bypassed when accessing the Web Jetadmin functionality. This can be exploited to perform various actions by leaving out the string "Framework:CheckPassword;" in the "obj" parameter of a HTTP POST request when accessing functions.
The vulnerabilities have been reported in version 6.5 and partly in versions 7.0, 6.2 and prior.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
