Summary
This host is installed with HP Managed Printing Administration and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow an attacker to perform directory traversal attacks and to create and read arbitrary files on the affected application.
Impact Level: Application
Solution
Upgrade to HP Managed Printing Administration version 2.6.4 or later. For updates, refer to http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469
Insight
The flaws are due to:
- Errors in MPAUploader.Uploader.1.UploadFiles() and MPAUploader.dll, which allow the creation of arbitrary files via crafted form data.
- Improper validation of user-supplied input to the 'hpmpa/jobDelivery/Default.asp' script, which allows attackers to create or read arbitrary files via ../ (dot dot) sequences.
Affected
HP Managed Printing Administration before 2.6.4
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469
- http://seclists.org/bugtraq/2011/Dec/153
- http://seclists.org/fulldisclosure/2011/Dec/412
- http://secunia.com/advisories/47329/
- http://securitytracker.com/id/1026456
- http://www.zerodayinitiative.com/advisories/ZDI-11-352/
- http://www.zerodayinitiative.com/advisories/ZDI-11-353/
- http://www.zerodayinitiative.com/advisories/ZDI-11-354/
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2011-4166, CVE-2011-4167, CVE-2011-4168, CVE-2011-4169
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P