ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.
References
Link | Resource |
---|---|
http://online.securityfocus.com/advisories/4317 | Broken Link Patch Third Party Advisory VDB Entry Vendor Advisory |
http://www.iss.net/security_center/static/9695.php | Broken Link |
http://www.phenoelit.de/stuff/HP_Chai.txt | Broken Link Vendor Advisory |
http://www.securityfocus.com/archive/1/284648 | Broken Link Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/5334 | Broken Link Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
08 Feb 2024, 20:47
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://www.phenoelit.de/stuff/HP_Chai.txt - Broken Link, Vendor Advisory | |
References | (XF) http://www.iss.net/security_center/static/9695.php - Broken Link | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/284648 - Broken Link, Third Party Advisory, VDB Entry | |
References | (HP) http://online.securityfocus.com/advisories/4317 - Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/5334 - Broken Link, Third Party Advisory, VDB Entry | |
First Time |
Hp laserjet 4500
Hp laserjet 4100 Hp laserjet 8150 Hp laserjet 4550 Hp chaivm Ezloader |
|
CWE | CWE-347 | |
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
CPE | cpe:2.3:h:hp:laserjet_4100:-:*:*:*:*:*:*:* cpe:2.3:h:hp:laserjet_4500:-:*:*:*:*:*:*:* cpe:2.3:h:hp:laserjet_4550:-:*:*:*:*:*:*:* cpe:2.3:h:hp:laserjet_8150:-:*:*:*:*:*:*:* cpe:2.3:a:hp:chaivm_ezloader:-:*:*:*:*:*:*:* |
Information
Published : 2002-12-31 05:00
Updated : 2024-02-28 10:24
NVD link : CVE-2002-1796
Mitre link : CVE-2002-1796
CVE.ORG link : CVE-2002-1796
JSON object : View
Products Affected
hp
- laserjet_4550
- laserjet_4100
- laserjet_4500
- laserjet_8150
- chaivm_ezloader
CWE
CWE-347
Improper Verification of Cryptographic Signature