Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1654

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-1654
Last Modified 07 Mar 2011 09:33:29
Published 06 Apr 2006 06:04:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1654

Summary

Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.

Vulnerable Systems

Application

  • Hp Color Laserjet 2500 Toolbox

  • Hp Color Laserjet 4600 Toolbox


References

HP - SSRT061141

SECTRACK - 1015862

FULLDISC - 20060404 [SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability

VUPEN - ADV-2006-1230

BID - 17367

HP - HPSBPI2109

XF - hp-laserjet-toolbox-directory-traversal(25627)

OSVDB - 24396

SECUNIA - 19529


Last Updated: 27 May 2016 10:42:09