Directory traversal

2009-02-0500:30:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.1%

JSON

Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

CPENameOperatorVersion
9200c_digital_sendereq<= 20081211-9.131.1
color_laserjet_4370mfpeq<= 20081211-46.211.2
color_laserjet_9500mfpeq<= 20070719-5.11.2
laserjet_2410eq<= 20070410-8.112.3
laserjet_2420eq<= 20070410-8.112.3
laserjet_2430eq<= 20070410-8.112.3
laserjet_4250eq<= 20080319-8.15.0
laserjet_4345mfpeq<= 20081211-9.131.1
laserjet_4350eq<= 20080319-8.15.0
laserjet_9040eq<= 20080204-8.110.0

Name	Operator	Version
9200c_digital_sender	eq	<= 20081211-9.131.1
color_laserjet_4370mfp	eq	<= 20081211-46.211.2
color_laserjet_9500mfp	eq	<= 20070719-5.11.2
laserjet_2410	eq	<= 20070410-8.112.3
laserjet_2420	eq	<= 20070410-8.112.3
laserjet_2430	eq	<= 20070410-8.112.3
laserjet_4250	eq	<= 20080319-8.15.0
laserjet_4345mfp	eq	<= 20081211-9.131.1
laserjet_4350	eq	<= 20080319-8.15.0
laserjet_9040	eq	<= 20080204-8.110.0