CVE-2008-4419: Path Traversal
First published: Thu Feb 05 2009(Updated: )
Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hp Laserjet 4350 | <=20080319_08.015.0 | |
| Hp Laserjet 2420 | <=20070410_08.112.3 | |
| Hp Laserjet 9040 | <=20080204_08.110.0 | |
| Hp Laserjet 4250 | <=20080319_08.015.0 | |
| Hp Laserjet 4345mfp | <=20081211_09.131.1 | |
| Hp Laserjet 9050 | <=20080204_08.110.0 | |
| Hp Laserjet 9040mfp | <=20080204_08.110.0 | |
| HP LaserJet 2430 | <=20070410_08.112.3 | |
| Hp Color Laserjet 9500mfp | <=20070719_05.011.2 | |
| Hp Laserjet 9050mfp | <=20080204_08.110.0 | |
| Hp Color Laserjet 4370mfp | <=20081211_46.211.2 | |
| Hp Laserjet 2410 | <=20070410_08.112.3 | |
| Hp 9200c Digital Sender | <=20081211_09.131.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/33611
- http://secunia.com/advisories/33779
- http://www.securitytracker.com/id?1021687
- http://www.vupen.com/english/advisories/2009/0341
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905
- http://www.securityfocus.com/archive/1/500657/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/type
- agent/description
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/hp
- canonical/hp laserjet 4350
- version/hp laserjet 4350/20080319_08.015.0
- canonical/hp laserjet 2420
- version/hp laserjet 2420/20070410_08.112.3
- canonical/hp laserjet 9040
- version/hp laserjet 9040/20080204_08.110.0
- canonical/hp laserjet 4250
- version/hp laserjet 4250/20080319_08.015.0
- canonical/hp laserjet 4345mfp
- version/hp laserjet 4345mfp/20081211_09.131.1
- canonical/hp laserjet 9050
- version/hp laserjet 9050/20080204_08.110.0
- canonical/hp laserjet 9040mfp
- version/hp laserjet 9040mfp/20080204_08.110.0
- canonical/hp laserjet 2430
- version/hp laserjet 2430/20070410_08.112.3
- canonical/hp color laserjet 9500mfp
- version/hp color laserjet 9500mfp/20070719_05.011.2
- canonical/hp laserjet 9050mfp
- version/hp laserjet 9050mfp/20080204_08.110.0
- canonical/hp color laserjet 4370mfp
- version/hp color laserjet 4370mfp/20081211_46.211.2
- canonical/hp laserjet 2410
- version/hp laserjet 2410/20070410_08.112.3
- canonical/hp 9200c digital sender
- version/hp 9200c digital sender/20081211_09.131.1