TITLE: HP Color LaserJet 2500/4600 Toolbox Disclosure of Sensitive Information

SECUNIA ADVISORY ID:
SA19529

VERIFY ADVISORY:
http://secunia.com/advisories/19529/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
From local network

SOFTWARE:
HP Color LaserJet 2500 Toolbox 3.x
http://secunia.com/product/9172/
HP Color LaserJet 4600 Toolbox 3.x
http://secunia.com/product/9173/

DESCRIPTION:
Richard Horsman has reported a vulnerability in the HP Color LaserJet 2500 Toolbox and HP Color LaserJet 4600 Toolbox software, which can be exploited by malicious people to disclose sensitive information.

The vulnerability is caused due to an input validation error in the built-in HTTP server. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks.

Example:
http://[host]:5225/../../../[file]

SOLUTION:
Update to version 3.1.

HP Color LaserJet 2500 Toolbox:
http://www.hp.com/go/clj2500_software

HP Color LaserJet 4600 Toolbox:
http://www.hp.com/go/clj4600_software

ORIGINAL ADVISORY:
HPSBPI2109 SSRT061141:
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00634759
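
ADDED EXAMPLE:
The class of input validation error described above, shown beside a containment check a file-serving HTTP handler can apply. This is an added example, not code from the advisory or from the HP Toolbox; DOCROOT, naive_resolve, safe_resolve and the sample file names are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Hypothetical document root; the advisory does not name the real one.
DOCROOT = "/srv/toolbox/www"


def naive_resolve(url_path: str) -> str:
    """Flawed pattern: the request path is appended to the docroot unchecked."""
    return posixpath.normpath(DOCROOT + "/" + unquote(url_path))


def safe_resolve(url_path: str):
    """Return a path inside DOCROOT, or None when the request escapes it."""
    # Decode exactly once, so %2e%2e is seen as ".." before the check runs.
    path = unquote(urlsplit(url_path).path)
    # Reject NUL bytes and backslashes (alternate separator on Windows hosts).
    if "\x00" in path or "\\" in path:
        return None
    # Collapse "." and ".." segments, then verify the result is still rooted
    # under DOCROOT. The trailing "/" stops a sibling such as
    # /srv/toolbox/www-old from passing a bare prefix match.
    candidate = posixpath.normpath(posixpath.join(DOCROOT, path.lstrip("/")))
    if candidate != DOCROOT and not candidate.startswith(DOCROOT + "/"):
        return None
    # On a real filesystem, also compare os.path.realpath() of the candidate
    # so that symlinks cannot lead outside the root.
    return candidate


if __name__ == "__main__":
    # Constructed request paths, following the advisory's example URL shape.
    for req in ("/status/index.htm",
                "/../../../secret.txt",
                "/%2e%2e/%2e%2e/%2e%2e/secret.txt",
                "/../www-old/secret.txt"):
        print(f"{req!r:40} naive={naive_resolve(req)!r} safe={safe_resolve(req)!r}")
```
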
