CVE-2008-4419

EPSS 0.66%
Published 05.02.2009 00:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Hp ≫ 9200c Digital Sender Version <= 20081211_09.131.1

Hp ≫ Color Laserjet 4370mfp Version <= 20081211_46.211.2

Hp ≫ Color Laserjet 9500mfp Version <= 20070719_05.011.2

Hp ≫ Laserjet 2410 Version <= 20070410_08.112.3

Hp ≫ Laserjet 2420 Version <= 20070410_08.112.3

Hp ≫ Laserjet 2430 Version <= 20070410_08.112.3

Hp ≫ Laserjet 4250 Version <= 20080319_08.015.0

Hp ≫ Laserjet 4345mfp Version <= 20081211_09.131.1

Hp ≫ Laserjet 4350 Version <= 20080319_08.015.0

Hp ≫ Laserjet 9040 Version <= 20080204_08.110.0

Hp ≫ Laserjet 9040mfp Version <= 20080204_08.110.0

Hp ≫ Laserjet 9050 Version <= 20080204_08.110.0

Hp ≫ Laserjet 9050mfp Version <= 20080204_08.110.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.66%	0.687

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:C/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905

http://secunia.com/advisories/33779

http://www.securityfocus.com/archive/1/500657/100/0/threaded

http://www.securityfocus.com/bid/33611

http://www.securitytracker.com/id?1021687

http://www.vupen.com/english/advisories/2009/0341

https://nvd.nist.gov/vuln/detail/CVE-2008-4419

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-4419

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-4419

EUVD