Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Title HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities
Name HPSBPI02732 SSRT100435 First vendor Publication 2011-12-21
Vendor HP Last vendor Modification 2011-12-21
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Potential security vulnerabilities have been identified with HP Managed Printing Administration. These vulnerabilities could be exploited remotely for execution of arbitrary code, directory traversal, creation and deletion of arbitrary files, and unauthorized access to the application database.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
33 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Application 1

OpenVAS Exploits

Date Description
2011-12-28 Name : HP Managed Printing Administration Multiple Vulnerabilities
File : nvt/secpod_hp_managed_printing_admin_mult_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
78018 HP Managed Printing Administration Unspecified Access Restriction Bypass

78017 HP Managed Printing Administration jobDelivery\Default.asp Traversal Arbitrar...

78016 HP Managed Printing Administration VMPAUploader.dll3 default.asp filename Par...

78015 HP Managed Printing Administration MPAUploader.Uploader.1.UploadFiles() Funct...

Nessus® Vulnerability Scanner

Date Description
2012-01-26 Name : The remote web server hosts an ASP application that is affected by multiple v...
File : hp_managed_printing_administration_264.nasl - Type : ACT_GATHER_INFO
2012-01-26 Name : The remote web server hosts a web application that is affected by a directory...
File : hp_managed_printing_administration_dir_traversal.nasl - Type : ACT_DESTRUCTIVE_ATTACK