{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"HP Web JetAdmin Version 5.6 (Microsoft Windows 2000)","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"HP Web JetAdmin Version 5.6 (Red Hat Linux)","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"HP Web JetAdmin Version 5.6 (Solaris)","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"HP Web JetAdmin Version 5.6 (Linux - SuSe)","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"HP Web JetAdmin Version 5.6 (Novell Netware)","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"HP Web JetAdmin Version 5.6 (HP-UX 11.x)","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"HP Web JetAdmin Version 5.6 (HP-UX 10.20)","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"HP Web JetAdmin Version 5.6 (Microsoft Windows NT 4.0) (Test\u00e9 par CERTA)","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nPar le biais d'une URL construite astucieusement, un utilisateur mal\nintentionn\u00e9 peu avoir acc\u00e8s \u00e0 certains fichiers pr\u00e9sents sur le serveur\n\u00e9quip\u00e9 de HP Web JetAdmin.\n\n## Solution\n\n## 4.1 Passage en version 6\n\nLe passage en version 6 de HP Web jetAdmin supprime cette vuln\u00e9rabilit\u00e9\nmais une autre faille a \u00e9t\u00e9 d\u00e9couverte : gr\u00e2ce \u00e0 une URL mal form\u00e9e un\nutilisateur distant peut entra\u00eener un d\u00e9ni de service sur la machine\nh\u00e9bergeant HP Web JetAdmin.\n\n## 4.2 Solution temporaire\n\nDans le gestionnaire de l'application, n'autoriser l'acc\u00e8s que sur des\nadresses IP de machines reconnues s\u00fbres.\n\nEditeur Inform\u00e9 : Un correctif est en cours de r\u00e9alisation.\n","cves":[],"links":[],"reference":"CERTA-2000-AVI-003","revisions":[{"description":"version initiale.","revision_date":"2000-05-29T00:00:00.000000"}],"risks":[{"description":"Acc\u00e8s aux donn\u00e9es"},{"description":"Contournement des r\u00e8gles de s\u00e9curit\u00e9"}],"summary":null,"title":"Vuln\u00e9rabilit\u00e9 sous HP Web JetAdmin Version 5.6 et ant\u00e9rieures","vendor_advisories":[{"published_at":null,"title":"CERT HP","url":null},{"published_at":null,"title":"ussrback","url":null}]}