CVE-2008-4419

Severity Score

7.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

Vulnerabilidad de salto de directorio en la interfaz de administración Web HP JetDirect en el servidor web empotrado HP-ChaiSOE v1.0 en las LaserJet 9040mfp, LaserJet 9050mfp y Color LaserJet 9500mfp anteriores al software empotrado 08.110.9; LaserJet 4345mfp y 9200C Digital Sender anteriores al software empotrado 09.120.9; Color LaserJet 4730mfp anterior al software empotrado 46.200.9; LaserJet 2410, LaserJet 2420 y LaserJet 2430 anterior al software empotrado 20080819 SPCL112A; LaserJet 4250 y LaserJet 4350 anterior al software empotrado 20080819 SPCL015A; y LaserJet 9040 y LaserJet 9050 anterior al software empotrado 20080819 SPCL110A; permite a atacantes remotos leer ficheros arbitrario a través de secuencias de salto de directorio en el URI.

*Credits: N/A

CVSS Scores

NISTv2 7.8

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-10-03 CVE Reserved
2009-02-05 CVE Published
2023-03-07 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (6)

URL	Tag	Source
http://secunia.com/advisories/33779	Third Party Advisory
http://www.securityfocus.com/archive/1/500657/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/33611	Vdb Entry
http://www.securitytracker.com/id?1021687	Vdb Entry
http://www.vupen.com/english/advisories/2009/0341	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905	2018-10-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hp Search vendor "Hp"		9200c Digital Sender Search vendor "Hp" for product "9200c Digital Sender"				<= 20081211_09.131.1 Search vendor "Hp" for product "9200c Digital Sender" and version " <= 20081211_09.131.1"		-		Affected
Hp Search vendor "Hp"		Color Laserjet 4370mfp Search vendor "Hp" for product "Color Laserjet 4370mfp"				<= 20081211_46.211.2 Search vendor "Hp" for product "Color Laserjet 4370mfp" and version " <= 20081211_46.211.2"		-		Affected
Hp Search vendor "Hp"		Color Laserjet 9500mfp Search vendor "Hp" for product "Color Laserjet 9500mfp"				<= 20070719_05.011.2 Search vendor "Hp" for product "Color Laserjet 9500mfp" and version " <= 20070719_05.011.2"		-		Affected
Hp Search vendor "Hp"		Laserjet 2410 Search vendor "Hp" for product "Laserjet 2410"				<= 20070410_08.112.3 Search vendor "Hp" for product "Laserjet 2410" and version " <= 20070410_08.112.3"		-		Affected
Hp Search vendor "Hp"		Laserjet 2420 Search vendor "Hp" for product "Laserjet 2420"				<= 20070410_08.112.3 Search vendor "Hp" for product "Laserjet 2420" and version " <= 20070410_08.112.3"		-		Affected
Hp Search vendor "Hp"		Laserjet 2430 Search vendor "Hp" for product "Laserjet 2430"				<= 20070410_08.112.3 Search vendor "Hp" for product "Laserjet 2430" and version " <= 20070410_08.112.3"		-		Affected
Hp Search vendor "Hp"		Laserjet 4250 Search vendor "Hp" for product "Laserjet 4250"				<= 20080319_08.015.0 Search vendor "Hp" for product "Laserjet 4250" and version " <= 20080319_08.015.0"		-		Affected
Hp Search vendor "Hp"		Laserjet 4345mfp Search vendor "Hp" for product "Laserjet 4345mfp"				<= 20081211_09.131.1 Search vendor "Hp" for product "Laserjet 4345mfp" and version " <= 20081211_09.131.1"		-		Affected
Hp Search vendor "Hp"		Laserjet 4350 Search vendor "Hp" for product "Laserjet 4350"				<= 20080319_08.015.0 Search vendor "Hp" for product "Laserjet 4350" and version " <= 20080319_08.015.0"		-		Affected
Hp Search vendor "Hp"		Laserjet 9040 Search vendor "Hp" for product "Laserjet 9040"				<= 20080204_08.110.0 Search vendor "Hp" for product "Laserjet 9040" and version " <= 20080204_08.110.0"		-		Affected
Hp Search vendor "Hp"		Laserjet 9040mfp Search vendor "Hp" for product "Laserjet 9040mfp"				<= 20080204_08.110.0 Search vendor "Hp" for product "Laserjet 9040mfp" and version " <= 20080204_08.110.0"		-		Affected
Hp Search vendor "Hp"		Laserjet 9050 Search vendor "Hp" for product "Laserjet 9050"				<= 20080204_08.110.0 Search vendor "Hp" for product "Laserjet 9050" and version " <= 20080204_08.110.0"		-		Affected
Hp Search vendor "Hp"		Laserjet 9050mfp Search vendor "Hp" for product "Laserjet 9050mfp"				<= 20080204_08.110.0 Search vendor "Hp" for product "Laserjet 9050mfp" and version " <= 20080204_08.110.0"		-		Affected