Description
Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
Affected products
- HP / color_laserjet4600dn – 4600dn
- HP / color_laserjet4600dtn – 4600dtn
- HP / color_laserjet4600hdn – 4600hdn
- HP / color_laserjet_2500
- HP / color_laserjet_2500l
- HP / color_laserjet_2500lse
- HP / color_laserjet_2500n
- HP / color_laserjet_2500tn
- HP / color_laserjet_2500_toolbox
- HP / color_laserjet_4600
- HP / color_laserjet_4600_toolbox
References
- MISChttp://www.securityfocus.com/archive/1/429984/100/0/threaded
- MISChttp://www.osvdb.org/24396
- MISChttp://www.securityfocus.com/bid/17367
- MISChttp://archives.neohapsis.com/archives/fulldisclosure/2006-04/0085.html
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/25627
- VENDOR_ADVISORYhttp://secunia.com/advisories/19529
- MISChttp://securitytracker.com/id?1015862
- MISChttp://www.securityfocus.com/archive/1/429893/100/0/threaded
- MISChttp://www.securityfocus.com/archive/1/429893/100/0/threaded
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/1230