CVE-2004-1857

Currently unrated

Key Information:

Vendor: HP
Status: Web Jetadmin
Vendor: CVE Published:; 24 March 2004

Summary

Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.

References

http://www.securityfocus.com/advisories/6492

vendor-advisoryx_refsource_HP

http://marc.info/?l=bugtraq&m=108016019623003&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/9972

vdb-entryx_refsource_BID

EPSS Score

49% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
May 4, 2005
Vulnerability published
Mar 24, 2004