CVE-2004-1857

HP Web Jetadmin 7.5.2546 - Authenticated Directory Traversal via setinclude Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-1857. PoCs published by wirepair.

AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in HP Web JetAdmin via the 'setinclude' parameter in 'setinfo.hts', allowing remote attackers to access files outside the server root. It can be combined with another vulnerability (BID 9971) for arbitrary file upload and potential unauthorized access.

Description

Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED

by wirepair · textremotewindows

https://www.exploit-db.com/exploits/23879

View Code ZIP pw:eip

The exploit describes a directory traversal vulnerability in HP Web JetAdmin via the 'setinclude' parameter in 'setinfo.hts', allowing remote attackers to access files outside the server root. It can be combined with another vulnerability (BID 9971) for arbitrary file upload and potential unauthorized access.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: HP Web JetAdmin version 7.5.2546

Auth required

Prerequisites: Authenticated account · Network access to the vulnerable HP Web JetAdmin instance

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by wirepair · textremotewindows

https://www.exploit-db.com/exploits/23880

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in HP Web Jetadmin by manipulating the `obj` parameter to execute arbitrary commands via the `httpd:WriteToFile` function. The PoC demonstrates creating a user account by injecting a command into the configuration file.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: HP Web Jetadmin 7.5.2546

Auth required

Prerequisites: Authenticated access to HP Web Jetadmin · Network access to the target system

MITRE ATT&CK

T1202 - Indirect Command Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory vendor-advisory x_refsource_hp

http://www.securityfocus.com/advisories/6492

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=108016019623003&w=2

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/9972

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/15606

Scores

EPSS 0.8683

EPSS Percentile 99.7%

Details

Status published

Products (1)

hp/web_jetadmin 7.5.2546

Published Mar 24, 2004

Tracked Since Feb 18, 2026