Directory Traversal Vulnerability in HP Web Jetadmin
CVE-2004-1857

Currently unrated

Key Information:

Vendor

HP
Status
Web Jetadmin
Vendor
CVE Published:
24 March 2004

What is CVE-2004-1857?

A directory traversal vulnerability exists in the setinfo.hts component of HP Web Jetadmin 7.5.2546. This flaw allows remote authenticated attackers to exploit the application by manipulating the 'setinclude' parameter with a series of '../' sequences. Successful exploitation can lead to unauthorized access, enabling attackers to read arbitrary files on the server. This poses significant risks, including potential exposure of sensitive information and system configuration files.

References

http://www.securityfocus.com/advisories/6492
vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=108016019623003&w=2
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/9972
vdb-entryx_refsource_BID

EPSS Score

78% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.