TITLE:
HP Color LaserJet 2500/4600 Toolbox Disclosure of Sensitive Information
SECUNIA ADVISORY ID:
SA19529
VERIFY ADVISORY:
http://secunia.com/advisories/19529/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
From local network
SOFTWARE:
HP Color LaserJet 2500 Toolbox 3.x
http://secunia.com/product/9172/
HP Color LaserJet 4600 Toolbox 3.x
http://secunia.com/product/9173/
DESCRIPTION:
Richard Horsman has reported a vulnerability in the HP Color LaserJet 2500 Toolbox and HP Color LaserJet 4600 Toolbox software, which can be exploited by malicious people to disclose sensitive information.
The vulnerability is caused due to an input validation error in the built-in HTTP server. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks.
Example:
http://[host]:5225/../../../[file]
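Added example (not part of the Secunia or HP advisory): a log check that flags requests to the Toolbox HTTP port whose path climbs above the server root, matching the request shape shown above. The "client method url status" log layout, the function names and the sample lines are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

TOOLBOX_PORT = 5225  # port shown in the advisory's example URL


def escapes_root(path):
    """Return True if the request path climbs above the server's root."""
    # Logs may record the path percent-encoded or with backslashes,
    # so normalise before counting directory levels.
    decoded = unquote(path).replace("\\", "/")
    depth = 0
    for segment in decoded.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:  # stepped above the root
                return True
        else:
            depth += 1
    return False


def flag_requests(log_lines):
    """Return (client, url) pairs for Toolbox-port requests that escape the root."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # not a request line in the assumed layout
        client, url = fields[0], fields[2]
        parts = urlsplit(url)
        try:
            port = parts.port
        except ValueError:  # malformed port in the logged URL
            continue
        if port == TOOLBOX_PORT and escapes_root(parts.path):
            hits.append((client, url))
    return hits


# Constructed proxy-log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    "192.0.2.10 GET http://198.51.100.7:5225/index.htm 200",
    "192.0.2.44 GET http://198.51.100.7:5225/../../../sample.txt 200",
    "192.0.2.10 GET http://198.51.100.7:5225/help/../index.htm 200",
    "192.0.2.51 GET http://198.51.100.9:80/../../sample.txt 404",
]

if __name__ == "__main__":
    for client, url in flag_requests(SAMPLE_LOG):
        print(f"traversal request to Toolbox port from {client}: {url}")
```

Hosts that appear in the output are candidates for checking the installed Toolbox version against the fixed release named under SOLUTION.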
SOLUTION:
Update to version 3.1.
HP Color LaserJet 2500 Toolbox:
http://www.hp.com/go/clj2500_software
HP Color LaserJet 4600 Toolbox:
http://www.hp.com/go/clj4600_software
ORIGINAL ADVISORY:
HPSBPI2109 SSRT061141:
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00634759