CVE-2008-4419

Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
Configurations

Configuration 1 (hide)

OR cpe:2.3:h:hp:9200c_digital_sender:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4370mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_9500mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2410:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2420:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2430:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4250:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4345mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4350:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9040:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9040mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9050:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9050mfp:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-02-05 00:30

Updated : 2024-02-28 11:21


NVD link : CVE-2008-4419

Mitre link : CVE-2008-4419

CVE.ORG link : CVE-2008-4419


JSON object : View

Products Affected

hp

  • laserjet_2420
  • laserjet_9040
  • 9200c_digital_sender
  • laserjet_9050
  • laserjet_4250
  • laserjet_4350
  • color_laserjet_4370mfp
  • color_laserjet_9500mfp
  • laserjet_2430
  • laserjet_4345mfp
  • laserjet_9050mfp
  • laserjet_9040mfp
  • laserjet_2410
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')