Directory Traversal Vulnerability in HP Web Jetadmin
CVE-2004-1857

Currently unrated

Key Information:

Vendor: HP
Status: Web Jetadmin
Vendor: CVE Published:; 24 March 2004

Summary

A directory traversal vulnerability exists in the setinfo.hts component of HP Web Jetadmin 7.5.2546. This flaw allows remote authenticated attackers to exploit the application by manipulating the 'setinclude' parameter with a series of '../' sequences. Successful exploitation can lead to unauthorized access, enabling attackers to read arbitrary files on the server. This poses significant risks, including potential exposure of sensitive information and system configuration files.

References

http://www.securityfocus.com/advisories/6492

vendor-advisoryx_refsource_HP

http://marc.info/?l=bugtraq&m=108016019623003&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/9972

vdb-entryx_refsource_BID

EPSS Score

78% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
May 4, 2005
Vulnerability published
Mar 24, 2004