Check Point Advisories

HP WEB JETADMIN Denial of Service (CVE-2004-1856)

Check Point Reference: CPAI-2004-128
Date Published: 17 Nov 2009
Severity: High
Last Updated: Tuesday 17 November, 2009
Source:
Industry Reference: CVE-2004-1856
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description

HP Web JetAdmin is an enterprise tool that allows administrators to install, configure, and administer Hewlett Packard (as well as non-HP) peripherals, such as a printer, through a web-based interface. There are three separate vulnerabilities within HP Web JetAdmin that will allow a malicious attacker to execute arbitrary code on the remote server. The three vulnerabilities will be discussed separately.

There are multiple vulnerabilities within HP Web JetAdmin, a web-based software program developed by Hewlett Packard. It is possible, through the use of multiple vulnerabilities, for the attacker to execute arbitrary code on the remote server running HP Web JetAdmin in a ROOT level context.

A server running a vulnerable version of HP Web JetAdmin behaves the same way whether the uploaded file is a real firmware update or any other type of file (i.e. "hts file, executable"). The target will include the specified file in the HTTP reply content. The file data begins right after the HTTP header and ends two line-feeds (a 0x0A character) before the tag. The behaviour of the attack target depends entirely on the input injected by the attacker into the malicious request.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections, use the Search tool to find the HP WEB JETADMIN Denial of Service protection, and edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  HP Products Protection Violation.
Attack Information:  HP WEB JETADMIN denial of service
