Vulnerabilities > CVE-2004-1857 - Directory Traversal vulnerability in HP web Jetadmin 7.5.2546
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description HP Web Jetadmin 7.5.2456 Remote Arbitrary Command Execution Vulnerability. CVE-2004-1857. Remote exploit for windows platform id EDB-ID:23880 last seen 2016-02-02 modified 2004-03-24 published 2004-03-24 reporter wirepair source https://www.exploit-db.com/download/23880/ title HP Web Jetadmin 7.5.2456 - Remote Arbitrary Command Execution Vulnerability description HP Web Jetadmin 7.5.2456 setinfo.hts Script Directory Traversal Vulnerability. CVE-2004-1857 . Remote exploit for windows platform id EDB-ID:23879 last seen 2016-02-02 modified 2004-03-24 published 2004-03-24 reporter wirepair source https://www.exploit-db.com/download/23879/ title HP Web Jetadmin 7.5.2456 setinfo.hts Script Directory Traversal Vulnerability
Nessus
NASL family | CGI abuses |
NASL id | HP_JADM_VULN.NASL |
description | The remote HP Web JetAdmin suffers from a number of vulnerabilities. The current running version is vulnerable to a directory traversal attack via the setinfo.hts script. A remote attacker could exploit this flaw to access arbitrary files on the host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 12120 |
published | 2004-03-30 |
reporter | (C) 2004-2018 wirepair |
source | https://www.tenable.com/plugins/nessus/12120 |
title | HP Web JetAdmin setinfo.hts setinclude Parameter Traversal Arbitrary File Access |