CVE-2010-4107: Path Traversal
First published: Wed Nov 17 2010(Updated: )
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
Credit: hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP LaserJet 4200 | ||
| HP LaserJet 4100 | ||
| Hp Color Laserjet Mfp | ||
| HP LaserJet MFP | ||
| Hp 9000 | ||
| HP LaserJet 5100 | ||
| Hp Laserjet 8150 | ||
| Hp Laserjet 4300 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2010/2987
- http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333
- http://secunia.com/advisories/42238
- http://securitytracker.com/id?1024741
- http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdf
- http://www.securityfocus.com/bid/44882
- http://www.exploit-db.com/exploits/15631
- http://securityreason.com/securityalert/8328
- https://exchange.xforce.ibmcloud.com/vulnerabilities/63261
- agent/weakness
- agent/references
- agent/type
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/hp
- canonical/hp laserjet 4200
- canonical/hp laserjet 4100
- canonical/hp color laserjet mfp
- canonical/hp laserjet mfp
- canonical/hp 9000
- canonical/hp laserjet 5100
- canonical/hp laserjet 8150
- canonical/hp laserjet 4300