HP Color LaserJet 2500/4600 Toolbox Directory Traversal Vulnerability

Vulnerability ID: 1110000
Vulnerability type: Path traversal
Published: 2006-04-03
Updated: 2006-04-07
CVE ID: CVE-2006-1654
CNNVD-ID: CNNVD-200604-081
Platform: Windows
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/27565
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-081
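|Vulnerability details
HP Color LaserJet 2500/4600 Toolbox are both color printers currently popular on the market. If the HP Color LaserJet 2500 and 4600 Toolbox are in their default configuration, a remote unauthorized user can retrieve arbitrary files from the Microsoft Windows computer.
|Exploit (EXP)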
source: http://www.securityfocus.com/bid/17367/info

The HP Color LaserJet 2500/4600 Toolbox is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. 

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.

http://www.example.com:5225/../../../boot.ini
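
The missing input check, shown as an added example (not HP's code and not part of the original advisory): a request-path resolver in its flawed form next to a version that confines every request to the document root. `DOC_ROOT` and both function names are assumptions made for illustration.

```python
import ntpath  # Windows path rules on any OS; the affected host runs Windows
from typing import Optional
from urllib.parse import unquote, urlsplit

DOC_ROOT = r"C:\Toolbox\www"  # assumed document root, not taken from the advisory


def naive_resolve(target: str) -> str:
    """Flawed pattern: join the request path onto the root with no containment check."""
    path = unquote(urlsplit(target).path)
    return ntpath.normpath(ntpath.join(DOC_ROOT, path.lstrip("/")))


def safe_resolve(target: str) -> Optional[str]:
    """Return the file path to serve, or None when the request leaves DOC_ROOT."""
    path = unquote(urlsplit(target).path)  # decode %2e, %2f, %5c before checking
    if "\x00" in path:
        return None
    # Windows accepts both separators; strip leading ones so the join stays relative
    rel = path.replace("/", "\\").lstrip("\\")
    candidate = ntpath.normpath(ntpath.join(DOC_ROOT, rel))
    # Compare case-insensitively, as the Windows file system does
    root = ntpath.normcase(ntpath.normpath(DOC_ROOT))
    cand = ntpath.normcase(candidate)
    if cand != root and not cand.startswith(root + "\\"):
        return None  # resolved outside the root: refuse and log
    return candidate
```

The check runs after decoding and normalization, so encoded separators, backslashes and drive-qualified paths are rejected by the same comparison as the plain `../` form.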
|References

Source: HP
Name: HPSBPI2109
Link: http://www.securityfocus.com/archive/1/archive/1/429893/100/0/threaded
Source: VUPEN
Name: ADV-2006-1230
Link: http://www.frsirt.com/english/advisories/2006/1230
Source: SECTRACK
Name: 1015862
Link: http://securitytracker.com/id?1015862
Source: FULLDISC
Name: 20060404 [SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability
Link: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0085.html
Source: BID
Name: 17367
Link: http://www.securityfocus.com/bid/17367
Source: XF
Name: hp-laserjet-toolbox-directory-traversal(25627)
Link: http://xforce.iss.net/xforce/xfdb/25627
Source: BUGTRAQ
Name: 20060404 [SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/429984/100/0/threaded
Source: OSVDB
Name: 24396
Link: http://www.osvdb.org/24396
Source: SECUNIA
Name: 19529
Link: http://secunia.com/advisories/19529