header-logo
Suggest Exploit
vendor:
JetAdmin Web Interface Server
by:
5
CVSS
MEDIUM
Directory Traversal
22
CWE
Product Name: JetAdmin Web Interface Server
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE: CVE-2000-0814
CPE: a:hp:jetadmin_web_interface_server
Metasploit:
Other Scripts:
Platforms Tested:

JetAdmin Web Interface Server Directory Traversal Vulnerability

By requesting a specially formed URL which includes "../" it is possible for a remote user to gain read-access to any files outside of the web-published directory.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to update to the latest version of JetAdmin Web Interface Server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1243/info

By default JetAdmin Web Interface Server listens on port 8000. By requesting a specially formed URL which includes "../" it is possible for a remote user to gain read-access to any files outside of the web-published directory.

http://target:8000/cgi/wja?page=/../../../filename

Navigation

Suggest Exploit

Services By CQR