CVE-2011-4785 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Hp-chaisoe Laserjet 2430 Laserjet 4650 Laserjet P3015

Configuration 1 [-]

AND

cpe:2.3:a:hp:hp-chaisoe:1.0:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:laserjet_2430:08.113.0_i35128:::::::*
	cpe:2.3:h:hp:laserjet_4650:07.006.0:::::::*
	cpe:2.3:h:hp:laserjet_p3015::::::::

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0116.html
http://osvdb.org/78224
http://secunia.com/advisories/47457
http://www.securityfocus.com/archive/1/521160
http://www.securityfocus.com/archive/1/521165
http://www.securityfocus.com/bid/51329
https://exchange.xforce.ibmcloud.com/vulnerabilities/72227

History

No history.

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2012-01-10T11:00:00

Updated: 2024-08-07T00:16:34.689Z

Reserved: 2011-12-13T00:00:00

Link: CVE-2011-4785

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-01-10T11:55:05.057

Modified: 2024-11-21T01:32:59.993

Link: CVE-2011-4785

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-01-09T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp"}, "references": [{"name": "HPSBPI02733", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/521160"}, {"name": "78224", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/78224"}, {"name": "47457", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47457"}, {"name": "SSRT100646", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/521160"}, {"name": "20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0116.html"}, {"name": "20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/521165"}, {"name": "hp-laserjet-unspecified-unauth-access(72227)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72227"}, {"name": "51329", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51329"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2011-4785", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "HPSBPI02733", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/521160"}, {"name": "78224", "refsource": "OSVDB", "url": "http://osvdb.org/78224"}, {"name": "47457", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47457"}, {"name": "SSRT100646", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/521160"}, {"name": "20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0116.html"}, {"name": "20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/521165"}, {"name": "hp-laserjet-unspecified-unauth-access(72227)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72227"}, {"name": "51329", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51329"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:16:34.689Z"}, "title": "CVE Program Container", "references": [{"name": "HPSBPI02733", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/521160"}, {"name": "78224", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/78224"}, {"name": "47457", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47457"}, {"name": "SSRT100646", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/521160"}, {"name": "20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0116.html"}, {"name": "20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/521165"}, {"name": "hp-laserjet-unspecified-unauth-access(72227)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72227"}, {"name": "51329", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/51329"}]}]}, "cveMetadata": {"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2011-4785", "datePublished": "2012-01-10T11:00:00", "dateReserved": "2011-12-13T00:00:00", "dateUpdated": "2024-08-07T00:16:34.689Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:hp-chaisoe:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1657B3C6-C1E7-4906-B7FC-24C9AC6B231F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:laserjet_2430:08.113.0_i35128:*:*:*:*:*:*:*", "matchCriteriaId": "C3D49304-8C2D-4B6C-9CDE-3D39B98C3D82", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:laserjet_4650:07.006.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C175E65-7294-49C2-8F92-3ABE22488FAA", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:laserjet_p3015:*:*:*:*:*:*:*:*", "matchCriteriaId": "F451457E-1653-4CB6-B9C2-60F96D8F63EA", "versionEndIncluding": "07.080", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en el servidor web HP-ChaiSOE/1.0 en la impresora HP LaserJet P3015 con firmware anterior a v07.080.3, impresora LaserJet 4650 con firmware v07.006.0, e impresora LaserJet 2430 con firmware v08.113.0_I35128 permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2008-4419."}], "id": "CVE-2011-4785", "lastModified": "2024-11-21T01:32:59.993", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-01-10T11:55:05.057", "references": [{"source": "hp-security-alert@hp.com", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0116.html"}, {"source": "hp-security-alert@hp.com", "url": "http://osvdb.org/78224"}, {"source": "hp-security-alert@hp.com", "url": "http://secunia.com/advisories/47457"}, {"source": "hp-security-alert@hp.com", "url": "http://www.securityfocus.com/archive/1/521160"}, {"source": "hp-security-alert@hp.com", "url": "http://www.securityfocus.com/archive/1/521160"}, {"source": "hp-security-alert@hp.com", "url": "http://www.securityfocus.com/archive/1/521165"}, {"source": "hp-security-alert@hp.com", "url": "http://www.securityfocus.com/bid/51329"}, {"source": "hp-security-alert@hp.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0116.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/78224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/47457"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/521160"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/521160"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/521165"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51329"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72227"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}