← Back

CVE-2008-4419

nvd nist
Published: Feb 5, 2009Modified: Apr 23, 2026

JSON object

Loading...
7.8
Vector
AV:N/AC:L/Au:N/C:C/I:N/A:N
Exploitability: 10.0 / Impact: 6.9
Source: NVD

Description

Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

Affected (13)

Hp
13 products
9200c Digital Sender
Color Laserjet 4370mfp
Color Laserjet 9500mfp
Laserjet 2410
Laserjet 2420
Laserjet 2430
Laserjet 4250
Laserjet 4345mfp
Laserjet 4350
Laserjet 9040
Laserjet 9040mfp
Laserjet 9050
Laserjet 9050mfp
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
9200c Digital Sender
Up to 20081211_09.131.1
Color Laserjet 4370mfp
Up to 20081211_46.211.2
Color Laserjet 9500mfp
Up to 20070719_05.011.2
Laserjet 2410
Up to 20070410_08.112.3
Laserjet 2420
Up to 20070410_08.112.3
Laserjet 2430
Up to 20070410_08.112.3
Laserjet 4250
Up to 20080319_08.015.0
Laserjet 4345mfp
Up to 20081211_09.131.1
Laserjet 4350
Up to 20080319_08.015.0
Laserjet 9040
Up to 20080204_08.110.0
Laserjet 9040mfp
Up to 20080204_08.110.0
Laserjet 9050
Up to 20080204_08.110.0
Laserjet 9050mfp
Up to 20080204_08.110.0

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (12)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.