Details of VAR-200604-0081

ID

VAR-200604-0081

CVE

CVE-2006-1654

TITLE

HP Color LaserJet 2500/4600 Toolbox Directory Traversal Vulnerability

Trust: 0.9

sources: BID: 17367 // CNNVD: CNNVD-200604-081

DESCRIPTION

Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks. The vulnerability is caused due to an input validation error in the built-in HTTP server. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. Example: http://[host]:5225/../../../[file] SOLUTION: Update to version 3.1. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.26

sources: NVD: CVE-2006-1654 // BID: 17367 // PACKETSTORM: 45198

AFFECTED PRODUCTS

vendor:	hp	model:	color laserjet	scope:	eq	version:	4600dtn	Trust: 1.6
vendor:	hp	model:	color laserjet	scope:	eq	version:	4600dn	Trust: 1.6
vendor:	hp	model:	color laserjet	scope:	eq	version:	4600hdn	Trust: 1.6
vendor:	hp	model:	color laserjet 2500n	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 2500	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 2500lse	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 2500 toolbox	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 4600 toolbox	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 2500tn	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 2500l	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 4600	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 4600	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	color laserjet 2500tn	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	color laserjet 2500lse	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	color laserjet 2500n	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	color laserjet 4600 toolbox	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	color laserjet 2500	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	color laserjet 2500l	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	color laserjet toolbox	scope:	eq	version:	46000	Trust: 0.3
vendor:	hp	model:	color laserjet toolbox	scope:	eq	version:	25000	Trust: 0.3

sources: BID: 17367 // CNNVD: CNNVD-200604-081 // NVD: CVE-2006-1654

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-1654
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200604-081
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2006-1654
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200604-081 // NVD: CVE-2006-1654

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-1654

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200604-081

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200604-081

EXTERNAL IDS

db:	BID	id:	17367	Trust: 1.9
db:	SECUNIA	id:	19529	Trust: 1.7
db:	SECTRACK	id:	1015862	Trust: 1.6
db:	VUPEN	id:	ADV-2006-1230	Trust: 1.6
db:	NVD	id:	CVE-2006-1654	Trust: 1.6
db:	OSVDB	id:	24396	Trust: 1.6
db:	FULLDISC	id:	20060404 [SEC-1 LTD] HP COLOUR LASERJET 2500 AND 4600 TOOLBOX DIRECTORY TRAVERSAL VULNERABILITY	Trust: 0.6
db:	XF	id:	25627	Trust: 0.6
db:	BUGTRAQ	id:	20060404 [SEC-1 LTD] HP COLOUR LASERJET 2500 AND 4600 TOOLBOX DIRECTORY TRAVERSAL VULNERABILITY	Trust: 0.6
db:	HP	id:	HPSBPI2109	Trust: 0.6
db:	CNNVD	id:	CNNVD-200604-081	Trust: 0.6
db:	PACKETSTORM	id:	45198	Trust: 0.1

sources: BID: 17367 // PACKETSTORM: 45198 // CNNVD: CNNVD-200604-081 // NVD: CVE-2006-1654

REFERENCES

url:	http://securitytracker.com/id?1015862	Trust: 1.6
url:	http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0085.html	Trust: 1.6
url:	http://www.securityfocus.com/bid/17367	Trust: 1.6
url:	http://www.osvdb.org/24396	Trust: 1.6
url:	http://secunia.com/advisories/19529	Trust: 1.6
url:	http://www.securityfocus.com/archive/1/429893/100/0/threaded	Trust: 1.0
url:	http://www.securityfocus.com/archive/1/429984/100/0/threaded	Trust: 1.0
url:	http://www.vupen.com/english/advisories/2006/1230	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/25627	Trust: 1.0
url:	http://www.securityfocus.com/archive/1/archive/1/429893/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/1230	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/25627	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/429984/100/0/threaded	Trust: 0.6
url:	http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?lang=en&cc=us&prodtypeid=18972&prodseriesid=81954&switem=lj-39377-1&prodnameid=81956&swenvoid=228&swlang=8&taskid=135&mode=3	Trust: 0.3
url:	/archive/1/429984	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/19529/	Trust: 0.1
url:	http://itrc.hp.com/service/cki/docdisplay.do?docid=c00634759	Trust: 0.1
url:	http://www.hp.com/go/clj2500_software	Trust: 0.1
url:	http://[host]:5225/../../../[file]	Trust: 0.1
url:	http://secunia.com/product/9172/	Trust: 0.1
url:	http://www.hp.com/go/clj4600_software	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/9173/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: BID: 17367 // PACKETSTORM: 45198 // CNNVD: CNNVD-200604-081 // NVD: CVE-2006-1654

CREDITS

Richard Horsman

Trust: 0.6

sources: CNNVD: CNNVD-200604-081

SOURCES

db:	BID	id:	17367
db:	PACKETSTORM	id:	45198
db:	CNNVD	id:	CNNVD-200604-081
db:	NVD	id:	CVE-2006-1654

LAST UPDATE DATE

2024-08-14T14:59:14.109000+00:00

SOURCES UPDATE DATE

db:	BID	id:	17367	date:	2006-04-10T18:12:00
db:	CNNVD	id:	CNNVD-200604-081	date:	2006-04-07T00:00:00
db:	NVD	id:	CVE-2006-1654	date:	2018-10-18T16:33:47.453

SOURCES RELEASE DATE

db:	BID	id:	17367	date:	2006-04-04T00:00:00
db:	PACKETSTORM	id:	45198	date:	2006-04-06T18:10:32
db:	CNNVD	id:	CNNVD-200604-081	date:	2006-04-06T00:00:00
db:	NVD	id:	CVE-2006-1654	date:	2006-04-06T10:04:00