HP LaserJet and Digital Sender Directory Traversal Vulnerability


Description   A vulnerability has been identified in HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders, which could be exploited by attackers to disclose sensitive information. This issue is caused by an input validation error in the embedded HTTP server when processing user-supplied requests, which could be exploited to conduct directory traversal attacks and disclose the contents of arbitrary files on a vulnerable system.
     
Vulnerable Products   Vulnerable Software:
HP LaserJet 2410 with firmware prior to 20080819 SPCL112A
HP LaserJet 2420 with firmware prior to 20080819 SPCL112A
HP LaserJet 2430 with firmware prior to 20080819 SPCL112A
HP LaserJet 4250 with firmware prior to 20080819 SPCL015A
HP LaserJet 4350 with firmware prior to 20080819 SPCL015A
HP LaserJet 9040 with firmware prior to 20080819 SPCL110A
HP LaserJet 9050 with firmware prior to 20080819 SPCL110A
HP LaserJet 4345mfp with firmware prior to 09.120.9
HP Color LaserJet 4730mfp with firmware prior to 46.200.9
HP LaserJet 9040mfp with firmware prior to 08.110.9
HP LaserJet 9050mfp with firmware prior to 08.110.9
HP 9200C Digital Sender with firmware prior to 09.120.9
HP Color LaserJet 9500mfp with firmware prior to 08.110.9
     
Solution   Apply fixes: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905
     
CVE   CVE-2008-4419
     
References   http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm                                          Available Since
Misc : Directory traversal - parameter starting with ../  3.2.0
Directory traversal using ..\..                           3.2.0
Directory traversal                                       3.2.0
Directory traversal backward root folder                  3.2.0
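The alarm names above describe request shapes that can also be looked for in the access logs of an embedded web server. The following is an added example, not HP or vendor code and not a reimplementation of the ASQ engine: it decodes a request target and reports whether the path contains `..` segments, uses backslash separators, climbs above the web root, or carries a parameter starting with `../`. The function names, finding labels and sample request targets are this example's own constructions.

```python
from urllib.parse import unquote, urlsplit

SAMPLE_TARGETS = [  # constructed request targets, not captured traffic
    "/status/info.html",
    "/status/../status/info.html",
    "/status/%2e%2e/%2e%2e/outside.txt",
    "/%252e%252e/outside.txt",
    "/status/..%5c..%5c..%5coutside.txt",
    "/page?file=../outside.txt",
]

def fully_decode(text, max_rounds=5):
    """Percent-decode repeatedly so double-encoded dots and slashes are exposed."""
    for _ in range(max_rounds):
        text, previous = unquote(text), text
        if text == previous:
            break
    return text

def escapes_root(segments):
    """True if walking the segments ever climbs above the starting directory."""
    depth = 0
    for seg in segments:
        depth += -1 if seg == ".." else 0 if seg in ("", ".") else 1
        if depth < 0:
            return True
    return False

def classify(request_target):
    """Return traversal findings for one request target (labels are this example's own)."""
    target = urlsplit(request_target)
    path = fully_decode(target.path)
    segments = path.replace("\\", "/").split("/")
    findings = []
    if ".." in segments:
        findings.append("dot-dot segment in path")
        if "\\" in path:
            findings.append("backslash separator")
        if escapes_root(segments):
            findings.append("path escapes web root")
    for pair in filter(None, target.query.split("&")):
        value = fully_decode(pair.partition("=")[2]).replace("\\", "/")
        if value.startswith("../"):
            findings.append("parameter starts with ../")
    return findings

if __name__ == "__main__":
    for sample in SAMPLE_TARGETS:
        print(sample, "->", classify(sample) or "clean")
```

A `..` segment that stays inside the web root is reported separately from one that escapes it, which helps when triaging log hits against devices still running firmware older than the fixed versions listed above.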
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2009-02-05

Target Type   Server

Possible exploit   Local & Remote