CVE-2006-1654

Severity

50%

Complexity

99%

Confidentiality

48%

Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.

Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

HP color laserjet

First reported 18 years ago

2006-04-06 10:04:00

Last updated 6 years ago

2018-10-18 16:33:00

Affected Software

HP color laserjet 2500 toolbox

HP color laserjet 4600 toolbox

HP color laserjet 2500

HP color laserjet 2500l

HP color laserjet 2500lse

HP color laserjet 2500n

HP color laserjet 2500tn

HP color laserjet 4600

References

20060404 [SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability

Exploit, Patch

19529

1015862

Exploit, Patch

24396

HPSBPI2109

20060404 [SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability

17367

Exploit

ADV-2006-1230

hp-laserjet-toolbox-directory-traversal(25627)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.