PT-2009-1241 · Hewlett Packard · Laserjet 9040Mfp+14
Published: 2009-02-05 · Updated: 2018-10-11 · CVE-2008-4419
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp versions prior to firmware 08.110.9
HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9050mfp versions prior to firmware 08.110.9
HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the Color LaserJet 9500mfp versions prior to firmware 08.110.9
HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 4345mfp versions prior to firmware 09.120.9
HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9200C Digital Sender versions prior to firmware 09.120.9
HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the Color LaserJet 4730mfp versions prior to firmware 46.200.9
HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 2410 versions prior to firmware 20080819 SPCL112A
HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 2420 versions prior to firmware 20080819 SPCL112A
HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 2430 versions prior to firmware 20080819 SPCL112A
HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 4250 versions prior to firmware 20080819 SPCL015A
HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 4350 versions prior to firmware 20080819 SPCL015A
HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040 versions prior to firmware 20080819 SPCL110A
HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9050 versions prior to firmware 20080819 SPCL110A
Description
A directory traversal vulnerability in the HP JetDirect web administration interface allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
Recommendations
For LaserJet 9040mfp, update to firmware 08.110.9 or later.
For LaserJet 9050mfp, update to firmware 08.110.9 or later.
For Color LaserJet 9500mfp, update to firmware 08.110.9 or later.
For LaserJet 4345mfp, update to firmware 09.120.9 or later.
For LaserJet 9200C Digital Sender, update to firmware 09.120.9 or later.
For Color LaserJet 4730mfp, update to firmware 46.200.9 or later.
For LaserJet 2410, update to firmware 20080819 SPCL112A or later.
For LaserJet 2420, update to firmware 20080819 SPCL112A or later.
For LaserJet 2430, update to firmware 20080819 SPCL112A or later.
For LaserJet 4250, update to firmware 20080819 SPCL015A or later.
For LaserJet 4350, update to firmware 20080819 SPCL015A or later.
For LaserJet 9040, update to firmware 20080819 SPCL110A or later.
For LaserJet 9050, update to firmware 20080819 SPCL110A or later.
Fix
Path traversal
Affected Products
Color Laserjet 4730Mfp
Color Laserjet 9500Mfp
Hp Jetdirect
Hp-Chaisoe
Laserjet 2410
Laserjet 2420
Hp Laserjet 2430
Laserjet 4250
Laserjet 4345Mfp
Laserjet 4350
Laserjet 9040
Laserjet 9040Mfp
Laserjet 9050
Laserjet 9050Mfp
Laserjet 9200C Digital Sender