Directory Traversal Vulnerability in HP JetDirect Web Administration Interface
CVE-2008-4419

Currently unrated

Key Information:

Vendor: HP
Status: Laserjet 4350; Laserjet 2420; Laserjet 9040; Laserjet 4250
Vendor: CVE Published:; 5 February 2009

Summary

A directory traversal vulnerability exists in the HP JetDirect web administration interface utilized by various LaserJet models, allowing remote attackers to access sensitive files through crafted URI requests. This issue affects multiple models prior to specific firmware updates, exposing critical system information that could facilitate further attacks. Users are recommended to upgrade their firmware to mitigate the risks associated with this vulnerability.

References

http://secunia.com/advisories/33779

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/33611

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/500657/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Feb 5, 2009
Vulnerability Reserved
Oct 3, 2008