Details of VAR-200304-0141

ID

VAR-200304-0141

TITLE

HP JetDirect Printer FTP Service File Print Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-1156

DESCRIPTION

The HP JetDirect printer is a printer with integrated network capabilities developed by Hewlett-Packard. The FTP directory in the HP JetDirect printer is writable, and a remote attacker can exploit this vulnerability to perform a denial of service attack on the print service. Since the HP JetDirect printer's directory permissions for its FTP service are not set correctly, any files sent to the Jetdirect FTP service can be printed, and an attacker can send a large number of requests for a denial of service attack. It has been reported that HP JetDirect Printers accept documents from any source without access control limitations. This could lead to a denial of service or abuse of printing services

Trust: 0.81

sources: CNVD: CNVD-2003-1156 // BID: 7422

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2003-1156

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	psc photosmart printer	scope:	eq	version:	2510	Trust: 0.3
vendor:	hp	model:	jetdirect j6061a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j6058a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j6057a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j6042a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j6039a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j6038a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j6035a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j4169a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j4167a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j3111a rev. g.08.03	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j3111a rev. g.07.17	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j3111a rev. g.07.03	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j3111a rev. g.07.02	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j3111a rev. g.05.35	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j3111a rev. a.08.06	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect	scope:	eq	version:	300.0x	Trust: 0.3
vendor:	hp	model:	jetdirect	scope:	eq	version:	x.21.00	Trust: 0.3
vendor:	hp	model:	jetdirect	scope:	eq	version:	x.20.00	Trust: 0.3
vendor:	hp	model:	jetdirect	scope:	eq	version:	x.08.32	Trust: 0.3
vendor:	hp	model:	jetdirect	scope:	eq	version:	x.08.20	Trust: 0.3
vendor:	hp	model:	jetdirect	scope:	eq	version:	x.08.05	Trust: 0.3
vendor:	hp	model:	jetdirect	scope:	eq	version:	x.08.04	Trust: 0.3
vendor:	hp	model:	jetdirect	scope:	eq	version:	x.08.00	Trust: 0.3
vendor:	hp	model:	jetdirect rev. u.23.99	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect rev. u.22.00	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect rev. l.23.99	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect rev. l.22.00	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect rev. h.08.20	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect rev. h.08.05	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect rev. g.08.20	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect rev. g.08.04	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j3263a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j3113a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j3111a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j3110a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j2591a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j2552b	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	jetdirect j2552a	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2003-1156 // BID: 7422

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2003-1156
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2003-1156
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2003-1156

THREAT TYPE

network

Trust: 0.3

sources: BID: 7422

TYPE

Configuration Error

Trust: 0.3

sources: BID: 7422

EXTERNAL IDS

db:	BID	id:	7422	Trust: 0.9
db:	CNVD	id:	CNVD-2003-1156	Trust: 0.6

sources: CNVD: CNVD-2003-1156 // BID: 7422

REFERENCES

url:	http://www.securityfocus.com/advisories/5317	Trust: 0.6
url:	/archive/1/380838	Trust: 0.3

sources: CNVD: CNVD-2003-1156 // BID: 7422

CREDITS

Vulnerability announced by HP.

Trust: 0.3

sources: BID: 7422

SOURCES

db:	CNVD	id:	CNVD-2003-1156
db:	BID	id:	7422

LAST UPDATE DATE

2022-05-17T01:44:51.187000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-1156	date:	2014-01-20T00:00:00
db:	BID	id:	7422	date:	2003-04-23T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-1156	date:	2003-04-23T00:00:00
db:	BID	id:	7422	date:	2003-04-23T00:00:00