CVE-2006-1654
First published: Thu Apr 06 2006(Updated: )
Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP Color LaserJet 2500 Toolbox | ||
| HP Color LaserJet 4600 Toolbox | ||
| HP Color LaserJet | =4600dn | |
| HP Color LaserJet | =4600dtn | |
| HP Color LaserJet | =4600hdn | |
| HP Color LaserJet | ||
| HP Color LaserJet 2500 | ||
| HP Color LaserJet 2500n | ||
| HP Color LaserJet 2500n | ||
| HP Color LaserJet 2500n | ||
| HP Color LaserJet 4600dtn |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0085.html
- http://www.securityfocus.com/bid/17367
- http://securitytracker.com/id?1015862
- http://secunia.com/advisories/19529
- http://www.osvdb.org/24396
- http://www.vupen.com/english/advisories/2006/1230
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25627
- http://www.securityfocus.com/archive/1/429984/100/0/threaded
- http://www.securityfocus.com/archive/1/429893/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-1654?
CVE-2006-1654 has a moderate severity rating due to its potential to allow unauthorized access to sensitive files.
How do I fix CVE-2006-1654?
To fix CVE-2006-1654, update the HP Color LaserJet Toolbox software to a version released after April 2, 2006.
Which systems are affected by CVE-2006-1654?
CVE-2006-1654 affects HP Color LaserJet 2500 and 4600 series printers running specific versions of their Toolbox software.
Can CVE-2006-1654 allow remote file access?
Yes, CVE-2006-1654 allows remote attackers to exploit the directory traversal vulnerability to read arbitrary files.
What action should I take if my system is vulnerable to CVE-2006-1654?
If your system is vulnerable to CVE-2006-1654, it is essential to immediately update the software or disable remote access features until an update is applied.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- vendor/hp
- product/color laserjet 2500l
- canonical/hp color laserjet 2500l
- product/color laserjet
- canonical/hp color laserjet
- product/color laserjet 2500lse
- canonical/hp color laserjet 2500lse
- product/color laserjet 2500
- canonical/hp color laserjet 2500
- product/color laserjet 2500n
- canonical/hp color laserjet 2500n
- product/color laserjet 2500 toolbox
- canonical/hp color laserjet 2500 toolbox
- product/color laserjet 4600 toolbox
- canonical/hp color laserjet 4600 toolbox
- product/color laserjet 4600
- canonical/hp color laserjet 4600
- product/color laserjet 2500tn
- canonical/hp color laserjet 2500tn
- agent/software-canonical-lookup-request
- collector/nvd-index
- version/hp color laserjet/4600hdn
- version/hp color laserjet/4600dtn
- canonical/hp color laserjet 4600dtn
- version/hp color laserjet/4600dn