Vulnerabilities > CVE-2004-1857 - Directory Traversal vulnerability in HP web Jetadmin 7.5.2546

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
hp
nessus
exploit available
NVD
Published: 2004-03-24
Updated: 2017-07-11

Summary

Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.

Vulnerable Configurations

Part Description Count
Application
Hp
1

Exploit-Db

  • descriptionHP Web Jetadmin 7.5.2456 Remote Arbitrary Command Execution Vulnerability. CVE-2004-1857. Remote exploit for windows platform
    idEDB-ID:23880
    last seen2016-02-02
    modified2004-03-24
    published2004-03-24
    reporterwirepair
    sourcehttps://www.exploit-db.com/download/23880/
    titleHP Web Jetadmin 7.5.2456 - Remote Arbitrary Command Execution Vulnerability
  • descriptionHP Web Jetadmin 7.5.2456 setinfo.hts Script Directory Traversal Vulnerability. CVE-2004-1857 . Remote exploit for windows platform
    idEDB-ID:23879
    last seen2016-02-02
    modified2004-03-24
    published2004-03-24
    reporterwirepair
    sourcehttps://www.exploit-db.com/download/23879/
    titleHP Web Jetadmin 7.5.2456 setinfo.hts Script Directory Traversal Vulnerability

Nessus

NASL familyCGI abuses
NASL idHP_JADM_VULN.NASL
descriptionThe remote HP Web JetAdmin suffers from a number of vulnerabilities. The current running version is vulnerable to a directory traversal attack via the setinfo.hts script. A remote attacker could exploit this flaw to access arbitrary files on the host.
last seen2020-06-01
modified2020-06-02
plugin id12120
published2004-03-30
reporter(C) 2004-2018 wirepair
sourcehttps://www.tenable.com/plugins/nessus/12120
titleHP Web JetAdmin setinfo.hts setinclude Parameter Traversal Arbitrary File Access

References