Detections
Analytics
HP LaserJet Web Server Unspecified Admin Component Traversal Arbitrary File Access
high Nessus Plugin ID 36129
Language:
Synopsis
The remote web server is affected by a directory traversal vulnerability.Description
The remote web server is an embedded web server for an HP LaserJet printer. The version of the firmware reported by the printer is reportedly affected by a directory traversal vulnerability. Because the printer caches printed files, an attacker could exploit this in order to gain access to sensitive information.Solution
Upgrade the firmware according to the vendor's advisory.See Also
http://www.nessus.org/u?ae000557
https://www.securityfocus.com/archive/1/500986/30/0/threaded
https://www.securityfocus.com/archive/1/500657/30/0/threaded
https://www.securityfocus.com/archive/1/503676/30/0/threaded
https://www.securityfocus.com/archive/1/510686/30/0/threaded
Plugin Details
Severity: High
ID: 36129
File Name: hp_laserjet_directory_traversal.nasl
Version: 1.20
Type: remote
Family: CGI abuses
Published: 4/10/2009
Updated: 1/26/2022
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
Vulnerability Information
CPE: cpe:/h:hp:laserjet
Required KB Items: www/hp_laserjet/pname, www/hp_laserjet/fw, www/hp_laserjet/port
Exploit Ease: No known exploits are available
Patch Publication Date: 2/4/2009
Vulnerability Publication Date: 2/4/2009
Reference Information
CVE: CVE-2008-4419
BID: 33611
CWE: 22
IAVT: 2009-T-0010-S