Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for laserjet_mfp by hp

    CVE-2010-4107 (GCVE-0-2010-4107)

    Vulnerability from nvd – Published: 2010-11-17 15:00 – Updated: 2024-08-07 03:34
    VLAI
    Summary
    The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    hp
    References
    URL Tags
    http://securitytracker.com/id?1024741 vdb-entryx_refsource_SECTRACK
    http://www.exploit-db.com/exploits/15631 exploitx_refsource_EXPLOIT-DB
    http://securityreason.com/securityalert/8328 third-party-advisoryx_refsource_SREASON
    http://www.itrc.hp.com/service/cki/docDisplay.do?… vendor-advisoryx_refsource_HP
    http://www.nruns.com/_downloads/SA-2010%20003-Hew… x_refsource_MISC
    http://secunia.com/advisories/42238 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2010/2987 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/44882 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2010-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:34:37.764Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1024741",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1024741"
              },
              {
                "name": "15631",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/15631"
              },
              {
                "name": "8328",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/8328"
              },
              {
                "name": "HPSBPI02575",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdf"
              },
              {
                "name": "42238",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42238"
              },
              {
                "name": "ADV-2010-2987",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/2987"
              },
              {
                "name": "44882",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/44882"
              },
              {
                "name": "SSRT090255",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333"
              },
              {
                "name": "hp-laserjet-pjl-directory-traversal(63261)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63261"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device\u0027s filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "name": "1024741",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1024741"
            },
            {
              "name": "15631",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/15631"
            },
            {
              "name": "8328",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/8328"
            },
            {
              "name": "HPSBPI02575",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdf"
            },
            {
              "name": "42238",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42238"
            },
            {
              "name": "ADV-2010-2987",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2987"
            },
            {
              "name": "44882",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/44882"
            },
            {
              "name": "SSRT090255",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333"
            },
            {
              "name": "hp-laserjet-pjl-directory-traversal(63261)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63261"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2010-4107",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device\u0027s filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1024741",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1024741"
                },
                {
                  "name": "15631",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/15631"
                },
                {
                  "name": "8328",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/8328"
                },
                {
                  "name": "HPSBPI02575",
                  "refsource": "HP",
                  "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333"
                },
                {
                  "name": "http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdf",
                  "refsource": "MISC",
                  "url": "http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdf"
                },
                {
                  "name": "42238",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42238"
                },
                {
                  "name": "ADV-2010-2987",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/2987"
                },
                {
                  "name": "44882",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/44882"
                },
                {
                  "name": "SSRT090255",
                  "refsource": "HP",
                  "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333"
                },
                {
                  "name": "hp-laserjet-pjl-directory-traversal(63261)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63261"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2010-4107",
        "datePublished": "2010-11-17T15:00:00.000Z",
        "dateReserved": "2010-10-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:34:37.764Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-4107 (GCVE-0-2010-4107)

    Vulnerability from cvelistv5 – Published: 2010-11-17 15:00 – Updated: 2024-08-07 03:34
    VLAI
    Summary
    The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    hp
    References
    URL Tags
    http://securitytracker.com/id?1024741 vdb-entryx_refsource_SECTRACK
    http://www.exploit-db.com/exploits/15631 exploitx_refsource_EXPLOIT-DB
    http://securityreason.com/securityalert/8328 third-party-advisoryx_refsource_SREASON
    http://www.itrc.hp.com/service/cki/docDisplay.do?… vendor-advisoryx_refsource_HP
    http://www.nruns.com/_downloads/SA-2010%20003-Hew… x_refsource_MISC
    http://secunia.com/advisories/42238 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2010/2987 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/44882 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2010-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:34:37.764Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1024741",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1024741"
              },
              {
                "name": "15631",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/15631"
              },
              {
                "name": "8328",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/8328"
              },
              {
                "name": "HPSBPI02575",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdf"
              },
              {
                "name": "42238",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42238"
              },
              {
                "name": "ADV-2010-2987",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/2987"
              },
              {
                "name": "44882",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/44882"
              },
              {
                "name": "SSRT090255",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333"
              },
              {
                "name": "hp-laserjet-pjl-directory-traversal(63261)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63261"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device\u0027s filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "name": "1024741",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1024741"
            },
            {
              "name": "15631",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/15631"
            },
            {
              "name": "8328",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/8328"
            },
            {
              "name": "HPSBPI02575",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdf"
            },
            {
              "name": "42238",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42238"
            },
            {
              "name": "ADV-2010-2987",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2987"
            },
            {
              "name": "44882",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/44882"
            },
            {
              "name": "SSRT090255",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333"
            },
            {
              "name": "hp-laserjet-pjl-directory-traversal(63261)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63261"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2010-4107",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device\u0027s filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1024741",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1024741"
                },
                {
                  "name": "15631",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/15631"
                },
                {
                  "name": "8328",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/8328"
                },
                {
                  "name": "HPSBPI02575",
                  "refsource": "HP",
                  "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333"
                },
                {
                  "name": "http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdf",
                  "refsource": "MISC",
                  "url": "http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdf"
                },
                {
                  "name": "42238",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42238"
                },
                {
                  "name": "ADV-2010-2987",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/2987"
                },
                {
                  "name": "44882",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/44882"
                },
                {
                  "name": "SSRT090255",
                  "refsource": "HP",
                  "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333"
                },
                {
                  "name": "hp-laserjet-pjl-directory-traversal(63261)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63261"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2010-4107",
        "datePublished": "2010-11-17T15:00:00.000Z",
        "dateReserved": "2010-10-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:34:37.764Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }