5.1
CVE-2009-0940
- EPSS 1.08%
- Veröffentlicht 18.03.2009 21:00:00
- Zuletzt bearbeitet 16.06.2026 23:06:09
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hp ≫ 8100c Digital Sender Version-
Hp ≫ 9100c Digital Sender Version-
Hp ≫ 9200c Digital Sender Version-
Hp ≫ 9250c Digital Sender Version-
Hp ≫ Color Laserjet 4370mfp Version20081211_46.211.2
Hp ≫ Color Laserjet 9500mfp Version20070719_05.011.2
Hp ≫ Color Mfp Cm8050 Version- Update- Editionedgeline
Hp ≫ Color Mfp Cm8060 Version- Update- Editionedgeline
Hp ≫ Laserjet 2
Hp ≫ Laserjet 2410 Version20070410_08.112.3
Hp ≫ Laserjet 2420 Version20070410_08.112.3
Hp ≫ Laserjet 2430 Version20070410_08.112.3
Hp ≫ Laserjet 4
Hp ≫ Laserjet 4250 Version20080319_08.015.0
Hp ≫ Laserjet 4345mfp Version20081211_09.131.1
Hp ≫ Laserjet 4350 Version20080319_08.015.0
Hp ≫ Laserjet 5
Hp ≫ Laserjet 5000 Versionr.25.15
Hp ≫ Laserjet 5000 Versionr.25.47
Hp ≫ Laserjet 5100 Versionv.29.12
Hp ≫ Laserjet 9040 Version20080204_08.110.0
Hp ≫ Laserjet 9040mfp Version20080204_08.110.0
Hp ≫ Laserjet 9050 Version20080204_08.110.0
Hp ≫ Laserjet 9050mfp Version20080204_08.110.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.08% | 0.608 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.1 | 4.9 | 6.4 |
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566
http://osvdb.org/52847
http://osvdb.org/52848
http://osvdb.org/52849
http://www.louhinetworks.fi/advisory/HP_20090317.txt
http://www.securityfocus.com/archive/1/501884/100/0/threaded
http://www.securityfocus.com/bid/34143
http://www.vupen.com/english/advisories/2009/0754