HP Deskjet 6840打印机 'refresh_rate.htm'跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1182995 漏洞类型 跨站脚本
发布时间 2009-04-11 更新时间 2009-04-25
CVE编号 CVE-2009-1333 CNNVD-ID CNNVD-200904-374
漏洞平台 N/A CVSS评分 4.3
|漏洞来源
https://www.securityfocus.com/bid/34480
https://cxsecurity.com/issue/WLB-2009040039
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200904-374
|漏洞详情
HPDeskjet6840是一款彩色喷墨打印机。HPDeskjet6840打印机的WEB接口存在跨站脚本漏洞。如果远程攻击者通过POST请求向/refresh_rate.htm页面提交了类似于的字符串的话,所生成的出错页面就会执行请求中嵌入的脚本。
|漏洞EXP
 A Cross-site scripting input validation error has been identified in the web interface of the HP Deskjet 6800 printer family.  By sending a string such as <script>alert("found XSS on this page")</script> via a POST request to /refresh_rate.htm the resulting error page will execute the script.  

Verified on Deskjet 6840 firmware version: XF1M131A, but the firmware seems to be generic to the 6800 family, so possibly the entire family is vulnerable.

Vulnerability Timeline: 
3/21/09: Vendor notification via email
3/21/09: Vendor upgrades ticket to "next level of support"
3/31/09: Vendor's "Advanced Support Group" replies: the issue that you are experiencing is due to faulty firmware of the 
printer and as a result the printer needs to be serviced from a HP 
authorized service center.
3/31/09: I Reply asking what firmware version fixes the issue and ask if this vulnerability has been reported previously
3/31/09: Vendor replys: I regret to inform you that there is no specific firmware is available for your printer. As the issue is related to the hardware of the printer, it is beyond the scope of our email support and needs the personal attention of a technician. I would suggest you to get the printer serviced at the nearest HP Authorised service centre. For your convenience I provided below information to locate the nearest HP Authorised service centre.
|受影响的产品
HP Deskjet 6840 firmware XF1M13
|参考资料

来源:XF
名称:deskjet-refreshrate-xss(49850)
链接:http://xforce.iss.net/xforce/xfdb/49850
来源:BID
名称:34480
链接:http://www.securityfocus.com/bid/34480
来源:BUGTRAQ
名称:20090411HPDeskjet6800XSSinWebInterface
链接:http://www.securityfocus.com/archive/1/archive/1/502620/100/0/threaded
来源:SECUNIA
名称:34702
链接:http://secunia.com/advisories/34702
来源:OSVDB
名称:53769
链接:http://osvdb.org/53769