On a recent audit, I discovered two windows hosts that were running versions of HP Web JetAdmin. Time on site was limited, so I didn't get to touch the boxes to find out which versions were actually installed. Nmap returned the following service versions:
Port 8000 of the first box showed "HP Web Jetadmin/2.0.39 (Win32) mod_ssl/2.0.39 OpenSSL/0.9.6c". Port 8000 of the second box showed "HP Web Jetadmin/2.0.43 (Win32) mod_ssl/2.0.43 OpenSSL/0.9.6i".
Since HP Web JetAdmin is based on Apache httpd server, Apache mod_ssl, and OpenSSL, I've been concerned about possible vulnerabilities with these products. On both hosts Nessus reported possible problems with mod_ssl based on its version number.
Has anyone matched up the HP Web JetAdmin service banners with HP Web JetAdmin versions? From what I could uncover at the HP site, JetAdmin 7.5 may be using Apache 2.0.39 or greater. A HP Support KB article stated that JetAdmin 7.0 incorrectly reported its OpenSSL component as being version 0.9.6c instead of 0.9.6g. So just a comparison of the two banners lead me to believe the first to be JetAmin 7.0 or greater, and the second to be JetAdmin 7.5.
Are there any known vulnerabilities for JetAmin 7.0 or 7.5? HP Web JetAdmin versions 5.6 and 6.0 appear to have DoS vulnerabilities, but I havent' turned up any mention for later versions.
Port 8000 of the first box showed "HP Web Jetadmin/2.0.39 (Win32) mod_ssl/2.0.39 OpenSSL/0.9.6c". Port 8000 of the second box showed "HP Web Jetadmin/2.0.43 (Win32) mod_ssl/2.0.43 OpenSSL/0.9.6i".
Since HP Web JetAdmin is based on Apache httpd server, Apache mod_ssl, and OpenSSL, I've been concerned about possible vulnerabilities with these products. On both hosts Nessus reported possible problems with mod_ssl based on its version number.
Has anyone matched up the HP Web JetAdmin service banners with HP Web JetAdmin versions? From what I could uncover at the HP site, JetAdmin 7.5 may be using Apache 2.0.39 or greater. A HP Support KB article stated that JetAdmin 7.0 incorrectly reported its OpenSSL component as being version 0.9.6c instead of 0.9.6g. So just a comparison of the two banners lead me to believe the first to be JetAmin 7.0 or greater, and the second to be JetAdmin 7.5.
Are there any known vulnerabilities for JetAmin 7.0 or 7.5? HP Web JetAdmin versions 5.6 and 6.0 appear to have DoS vulnerabilities, but I havent' turned up any mention for later versions.
Bill...
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]