CVE-2008-4419

Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

Published: Feb 5, 2009
Updated: Apr 13, 2023
CVE: CVE-2008-4419
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
hp / laserjet_4350	-	20080319_08.015.0.x
hp / laserjet_2420	-	20070410_08.112.3.x
hp / laserjet_9040	-	20080204_08.110.0.x
hp / laserjet_4250	-	20080319_08.015.0.x
hp / laserjet_4345mfp	-	20081211_09.131.1.x
hp / laserjet_9050	-	20080204_08.110.0.x
hp / laserjet_9040mfp	-	20080204_08.110.0.x
hp / laserjet_2430	-	20070410_08.112.3.x
hp / color_laserjet_9500mfp	-	20070719_05.011.2.x
hp / laserjet_9050mfp	-	20080204_08.110.0.x
hp / color_laserjet_4370mfp	-	20081211_46.211.2.x
hp / laserjet_2410	-	20070410_08.112.3.x
hp / 9200c_digital_sender	-	20081211_09.131.1.x

Vulnerability Database

290,273

CVE-2008-4419