CVE-2008-4419: Path Traversal
First published: Thu Feb 05 2009(Updated: )
Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP LaserJet 4350n | <=20080319_08.015.0 | |
| HP LaserJet 2420 | <=20070410_08.112.3 | |
| HP LaserJet 9040 MFP | <=20080204_08.110.0 | |
| HP LaserJet 4250n | <=20080319_08.015.0 | |
| HP LaserJet m4345x MFP | <=20081211_09.131.1 | |
| HP LaserJet 9050 MFP | <=20080204_08.110.0 | |
| HP LaserJet M9040 | <=20080204_08.110.0 | |
| HP LaserJet 2430n | <=20070410_08.112.3 | |
| HP Color LaserJet 9500 MFP | <=20070719_05.011.2 | |
| HP LaserJet 9050n | <=20080204_08.110.0 | |
| HP Color LaserJet 4370 MFP | <=20081211_46.211.2 | |
| HP LaserJet 2410 | <=20070410_08.112.3 | |
| HP Digital Sender | <=20081211_09.131.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/33611
- http://secunia.com/advisories/33779
- http://www.securitytracker.com/id?1021687
- http://www.vupen.com/english/advisories/2009/0341
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905
- http://www.securityfocus.com/archive/1/500657/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-4419?
CVE-2008-4419 has a medium severity rating as it allows potentially unauthorized access to the file system.
How do I fix CVE-2008-4419?
To fix CVE-2008-4419, update the affected HP LaserJet and Color LaserJet models to the latest firmware versions specified by the vendor.
What products are affected by CVE-2008-4419?
CVE-2008-4419 affects several HP LaserJet models including the LaserJet 9040mfp, 9050mfp, and Color LaserJet 9500mfp, among others.
What kind of vulnerability is CVE-2008-4419?
CVE-2008-4419 is a directory traversal vulnerability that can be exploited to access restricted files on the server.
Can CVE-2008-4419 be exploited remotely?
Yes, CVE-2008-4419 can be exploited remotely, allowing attackers to access sensitive files without physical access to the printer.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/hp
- canonical/hp laserjet 4350n
- version/hp laserjet 4350n/20080319_08.015.0
- canonical/hp laserjet 2420
- version/hp laserjet 2420/20070410_08.112.3
- canonical/hp laserjet 9040 mfp
- version/hp laserjet 9040 mfp/20080204_08.110.0
- canonical/hp laserjet 4250n
- version/hp laserjet 4250n/20080319_08.015.0
- canonical/hp laserjet m4345x mfp
- version/hp laserjet m4345x mfp/20081211_09.131.1
- canonical/hp laserjet 9050 mfp
- version/hp laserjet 9050 mfp/20080204_08.110.0
- canonical/hp laserjet m9040
- version/hp laserjet m9040/20080204_08.110.0
- canonical/hp laserjet 2430n
- version/hp laserjet 2430n/20070410_08.112.3
- canonical/hp color laserjet 9500 mfp
- version/hp color laserjet 9500 mfp/20070719_05.011.2
- canonical/hp laserjet 9050n
- version/hp laserjet 9050n/20080204_08.110.0
- canonical/hp color laserjet 4370 mfp
- version/hp color laserjet 4370 mfp/20081211_46.211.2
- canonical/hp laserjet 2410
- version/hp laserjet 2410/20070410_08.112.3
- canonical/hp digital sender
- version/hp digital sender/20081211_09.131.1