CVE-2008-4419

Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
Configurations

Configuration 1 (hide)

OR cpe:2.3:h:hp:9200c_digital_sender:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4370mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_9500mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2410:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2420:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2430:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4250:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4345mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4350:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9040:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9040mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9050:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9050mfp:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:51

Type Values Removed Values Added
References () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905 - () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905 -
References () http://secunia.com/advisories/33779 - () http://secunia.com/advisories/33779 -
References () http://www.securityfocus.com/archive/1/500657/100/0/threaded - () http://www.securityfocus.com/archive/1/500657/100/0/threaded -
References () http://www.securityfocus.com/bid/33611 - () http://www.securityfocus.com/bid/33611 -
References () http://www.securitytracker.com/id?1021687 - () http://www.securitytracker.com/id?1021687 -
References () http://www.vupen.com/english/advisories/2009/0341 - () http://www.vupen.com/english/advisories/2009/0341 -

Information

Published : 2009-02-05 00:30

Updated : 2024-11-21 00:51


NVD link : CVE-2008-4419

Mitre link : CVE-2008-4419

CVE.ORG link : CVE-2008-4419


JSON object : View

Products Affected

hp

  • laserjet_9050
  • color_laserjet_4370mfp
  • laserjet_4250
  • laserjet_4345mfp
  • laserjet_2420
  • laserjet_9050mfp
  • 9200c_digital_sender
  • color_laserjet_9500mfp
  • laserjet_2410
  • laserjet_4350
  • laserjet_9040mfp
  • laserjet_2430
  • laserjet_9040
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')