Check Point Reference: | CPAI-2004-128 |
Date Published: | 17 Nov 2009 |
Severity: | High |
Last Updated: | Tuesday 17 November, 2009 |
Source: | |
Industry Reference: | CVE-2004-1856 |
Protection Provided by: |
Security Gateway |
Who is Vulnerable? | |
Vulnerability Description | HP Web JetAdmin is an enterprise tool that allows administrator to install, configure, and administer Hewlett Packard (as well as non-HP) peripherals, such as a printer, through a web-based interface. There are three separate vulnerabilities within HP Web JetAdmin that will allow a malicious attacker to execute arbitrary code on the remote server. The three vulnerabilities will be discussed separately. There are multiple vulnerabilities within HP Web JetAdmin, a web based software program developed by Hewlett Packard. It is possible, through the use of multiple vulnerabilities, for the attacker to execute arbitrary code on the remote server running HP Web JetAdmin in a ROOT level context. There is no difference in the behaviour of a server running a vulnerable version of HP Web JetAdmin when encountering the uploading of a real firmware update versus any other type of file (i.e. "hts file, executable"). The target will include the specified file in the HTTP reply content. The file data begins right after the HTTP header and ends two line-feeds (a 0x0A character) before the tag. The behaviour of the attack target depends entirely on the input injected by the attacker into the malicious request. |
This protection will detect and block attempts to exploit this vulnerability
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: HP Products Protection Violation.
Attack Information: HP WEB JETADMIN denial of service