Directory Traversal Vulnerability in HP Color LaserJet Toolboxes
CVE-2006-1654

Currently unrated

Key Information:

Vendor: HP
Status: Color Laserjet 2500l; Color Laserjet; Color Laserjet 2500lse; Color Laserjet 2500
Vendor: CVE Published:; 6 April 2006

Summary

A directory traversal vulnerability exists in the HP Color LaserJet 2500 and 4600 Toolboxes running on Microsoft Windows prior to April 2006. This security flaw allows remote attackers to exploit the affected software by sending specially crafted HTTP GET requests. By appending '..' to the file path in these requests, unauthorized users may gain access to sensitive files on the server. This poses significant risks, enabling potential data breaches and unauthorized information retrieval.

References

http://www.securityfocus.com/archive/1/429984/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.osvdb.org/24396

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/17367

vdb-entryx_refsource_BID

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 6, 2006
Vulnerability Reserved
Apr 6, 2006