var-200910-0280
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script. (1) support_param.html/config To script Apply In action Product_URL Parameters (2) support_param.html/config To script Apply In action Tech_URL Parameters. Multiple HP printers are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input. Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01841397 Version: 1
HPSBPI02463 SSRT090061 rev.1 - HP LaserJet Printers, HP Color LaserJet Printers, Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. The vulnerabilities could be exploited remotely by Cross Site Scripting (XSS).
References: CVE-2009-2684
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2009-2684 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Digital Security Research Group (dsecrg.com) for reporting these vulnerabilities to security-alert@hp.com.
Affected Products - Jetdirect
Product Jetdirect Part Number Jetdirect Version or later
HP Color LaserJet 3000n J7949E V.28.XX
HP Color LaserJet CP3505 J7987E V.34.60
HP Color LaserJet 3600n J7973E V.30.31
HP Color LaserJet 3800n J7949E V.28.XX
HP Color LaserJet 4700n J7949E V.28.XX
HP Color LaserJet CP4005n J7990E V.33.41
HP LaserJet 2410/2420/2430n J7949E V.28.XX
HP LaserJet P3005n J7979E V.33.55
HP LaserJet 4240/4250n J7949E V.28.XX
HP LaserJet 4350n J7949E V.28.XX
HP LaserJet 5200n J7949E V.28.XX
HP LaserJet 9040n/9050n J7949E V.28.XX
HP Color LaserJet 4730 MFP J7949E V.28.XX
HP Color LaserJet CM4730 MFP J7991E V.34.60
HP LaserJet 9040/9050MFP J7949E V.28.XX
HP LaserJet M3027/3035 MFP J7982E V.34.08
HP LaserJet 4345 MFP J7949E V.28.XX
HP LaserJet M4345x MFP J7982E V.34.08
HP LaserJet M5025/5035 MFP J7982E V.34.08
HP CM8050/8060 MFP J7974E V.34.40
HP DS9200c Digital Sender J7949E V.28.XX
HP DS9250c Digital Sender J7992E V.34.12
HP LaserJet P4515 J8003E V.36.35
HP LaserJet P4015 J8003E V.36.35
HP LaserJet P4014 J8006E V.36.35
HP Color LaserJet CP6015 J7993E V.36.35
HP Color LaserJet 6040 MFP J7993E V.36.35
HP LaserJet M9040/50 MFP J8004E V.36.35
Affected Products - Embedded Web Server (EWS)
Product
HP Color LaserJet 3000n
HP Color LaserJet CP3505
HP Color LaserJet 3600n
HP Color LaserJet 3800n
HP Color LaserJet 4700n
HP Color LaserJet CP4005n
HP LaserJet 2410/2420/2430n
HP LaserJet P3005n
HP LaserJet 4240/4250n
HP LaserJet 4350n
HP LaserJet 5200n
HP LaserJet 9040n/9050n
HP Color LaserJet 4730 MFP
HP Color LaserJet CM4730 MFP
HP LaserJet 9040/9050MFP
HP LaserJet M3027/3035 MFP
HP LaserJet 4345 MFP
HP LaserJet M4345x MFP
HP LaserJet M5025/5035 MFP
HP CM8050/8060 MFP
HP DS9200c Digital Sender
HP DS9250c Digital Sender
HP LaserJet P4515
HP LaserJet P4015
HP LaserJet P4014
HP Color LaserJet CP6015
HP Color LaserJet 6040 MFP
HP LaserJet M9040/50 MFP
Note: For further information on Secure Printing and Imaging please refer to http://www.hp.com/go/secureprinting
RESOLUTION
The following steps can be taken to limit the exposure to the XSS vulnerabilities.
set the administrator password use a new browser instance for administrator tasks do not access other web sites while performing administrator tasks exit the browser when administrator tasks are complete
PRODUCT SPECIFIC INFORMATION None
HISTORY Version:1 (rev.1) - 7 October 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (HP-UX)
iEYEARECAAYFAkrMkcsACgkQ4B86/C0qfVkloACeJjXFqi/GNPBY7Z/Zn5bkBchG RhUAoInJdnRoqTTCkgJqrss2Etcz9ool =xes/ -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
For more information visit: http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com
TITLE: KSP Sound Player "m3u" Playlist Buffer Overflow
SECUNIA ADVISORY ID: SA36621
VERIFY ADVISORY: http://secunia.com/advisories/36621/
DESCRIPTION: hack4love has discovered a vulnerability in KSP Sound Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the processing of "m3u" files. This can be exploited to cause a stack-based buffer overflow when a user is tricked into opening a specially crafted "m3u" playlist file containing an overly long entry.
Successful exploitation allows execution of arbitrary code.
SOLUTION: Do not open files from untrusted sources.
PROVIDED AND/OR DISCOVERED BY: hack4love
ORIGINAL ADVISORY: http://milw0rm.com/exploits/9624
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
Input passed via the "Product_URL" and "Tech_URL" parameters to support_param.html/config is not properly sanitised before being used.
SOLUTION: Filter malicious characters and character sequences in a web proxy.
See the vendor's advisory for recommended workarounds.
Details
Multiple Linked Stored XSS vulnerabilities found in script support_param.html/config
Attacker can inject XSS in parameters "Product_URL" and "Tech_URL".
http://dsecrg.ru/pages/vul/show.php?id=148 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01841397
About
Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.
Contact: research [at] dsecrg [dot] com http://www.dsecrg.com
Polyakov Alexandr Information Security Analyst
DIGITAL SECURITY
phone: +7 812 703 1547
+7 812 430 9130
e-mail: a.polyakov@dsec.ru
www.dsec.ru
This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient any use, distribution, copying or disclosure is strictly prohibited. If you have received this message in error, please notify the sender immediately either by telephone or by e-mail and delete this message and any attachment from your system. Correspondence via e-mail is for information purposes only. Digital Security neither makes nor accepts legally binding statements by e-mail unless otherwise agreed.
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200910-0280",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "color laserjet 4700n",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet m9050 mpf",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "color laserjet cp3505",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet 2410",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet 2420",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet 5200n",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet m3035 mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "color laserjet cm4730 mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "color laserjet 4730 mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "ds 9200c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "color laserjet cp4005n",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "color laserjet 3000n",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet 2430n",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "color laserjet cp6015",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "color laserjet 3600n",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet 4345 mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet m9040 mpf",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet p4014",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet m4345x mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet 9040 mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "cm8050 mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet 4250n",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet p3005n",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet m3027 mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "color laserjet 3800n",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet m5025 mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet p4515",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet 9050 mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet 9050n",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet 4240",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "ds 9250c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet 4350n",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "cm8060 mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "laserjet 9040n",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "color laserjet 6040 mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "cm8050 mfp",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "cm8060 mfp",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "color laserjet 3000n",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "color laserjet 3600n",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "color laserjet 3800n",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "color laserjet 4700n",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "color laserjet 6040 mfp",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "color laserjet cm4730 mfp",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "color laserjet cp4005n",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "ds 9200c",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "ds 9250c",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp color laserjet 4730 mfp",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp color laserjet cp3505",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp color laserjet cp6015",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp laserjet 4240",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp laserjet 4345 mfp",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp laserjet 5200n",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp laserjet 9040 mfp",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp laserjet 9040n",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp laserjet 9050 mfp",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp laserjet 9050n",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp laserjet m3027 mfp",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp laserjet m3035 mfp",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp laserjet m5025 mfp",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp laserjet m9040 mfp",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp laserjet m9050 mfp",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp laserjet p3005n",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp laserjet p4014",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hp laserjet p4515",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "laserjet 2410",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "laserjet 2420",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "laserjet 2430n",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "laserjet 4250n",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "laserjet 4350n",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "laserjet m4345x mfp",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "laserjet 4350n",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "laserjet 4250n",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "laserjet 5200n",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "laserjet 9050n",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "color laserjet cp4005n",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "laserjet 2420",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "color laserjet 3800n",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "color laserjet 4700n",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "laserjet 2410",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "laserjet 2430n",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "ds9250c digital sender",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "ds9200c digital sender",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "color laserjet cp3505",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jetdirect j7982e",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v.34.08"
},
{
"model": "jetdirect j7974e",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v.34.40"
},
{
"model": "laserjet p3005n",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "color laserjet cp6015",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "laserjet",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "24200"
},
{
"model": "jetdirect j7991e",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v.34.60"
},
{
"model": "jetdirect j7973e",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v.30.31"
},
{
"model": "color laserjet cm4730 mfp",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "laserjet 9050n",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jetdirect j7992e",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v.34.12"
},
{
"model": "cm8050",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "color laserjet 4730mfp",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "laserjet",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "24100"
},
{
"model": "jetdirect j7990e",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v.33.41"
},
{
"model": "laserjet",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "42400"
},
{
"model": "laserjet p4015",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jetdirect j8006e",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v.36.35"
},
{
"model": "jetdirect j8003e",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v.36.35"
},
{
"model": "jetdirect j7949e",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v.28.xx"
},
{
"model": "laserjet m9040",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "color laserjet mfp",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "47300"
},
{
"model": "laserjet 5200n",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "laserjet m4345x mfp",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "laserjet 9040n",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "mfp",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "80600"
},
{
"model": "laserjet m5025",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "laserjet mfp",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "50350"
},
{
"model": "jetdirect j7993e",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v.36.35"
},
{
"model": "color laserjet 4700n",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "color laserjet 3600n",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "color laserjet 3000n",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "laserjet mfp",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "30350"
},
{
"model": "color laserjet cp4005n",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "laserjet 2430n",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jetdirect j7987e",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v.34.60"
},
{
"model": "laserjet p4515",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jetdirect j8004e",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v.36.35"
},
{
"model": "color laserjet 3800n",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "laserjet",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "90400"
},
{
"model": "laserjet m3027",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "laserjet m9050 mfp",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "laserjet p4014",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "laserjet 4350n",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "laserjet 4250n",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jetdirect j7979e",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v.33.55"
},
{
"model": "color laserjet mfp",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "60400"
},
{
"model": "laserjet mfp",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "90500"
},
{
"model": "laserjet mfp",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "43450"
}
],
"sources": [
{
"db": "BID",
"id": "36613"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004860"
},
{
"db": "NVD",
"id": "CVE-2009-2684"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-193"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_2410:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_2420:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cm4730_mfp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_9040_mfp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_m9050_mpf:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_m3035_mfp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_4240:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_p4515:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_2430n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_4250n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_9050_mfp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_4345_mfp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_m3027_mfp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:cm8050_mfp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_p4014:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:color_laserjet_3000n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:color_laserjet_3800n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_4350n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_5200n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_m4345x_mfp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_m5025_mfp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:cm8060_mfp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_9040n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cp3505:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:color_laserjet_3600n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cp4005n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:color_laserjet_4700n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_9050n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:color_laserjet_4730_mfp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cp6015:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:color_laserjet_6040_mfp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_m9040_mpf:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:ds_9200c:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:ds_9250c:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:laserjet_p3005n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2684"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polyakov Alexandr research@dsecrg.ru",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200910-193"
}
],
"trust": 0.6
},
"cve": "CVE-2009-2684",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2009-2684",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-2684",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200910-193",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004860"
},
{
"db": "NVD",
"id": "CVE-2009-2684"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-193"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script. (1) support_param.html/config To script Apply In action Product_URL Parameters (2) support_param.html/config To script Apply In action Tech_URL Parameters. Multiple HP printers are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input. \nAttacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01841397\nVersion: 1\n\nHPSBPI02463 SSRT090061 rev.1 - HP LaserJet Printers, HP Color LaserJet Printers, Remote Cross Site Scripting (XSS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. The vulnerabilities could be exploited remotely by Cross Site Scripting (XSS). \n\nReferences: CVE-2009-2684\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2009-2684 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nThe Hewlett-Packard Company thanks Digital Security Research Group (dsecrg.com) for reporting these vulnerabilities to security-alert@hp.com. \n\nAffected Products - Jetdirect\n\nProduct\n Jetdirect Part Number\n Jetdirect Version or later\n\nHP Color LaserJet 3000n\n J7949E\n V.28.XX\n\nHP Color LaserJet CP3505\n J7987E\n V.34.60\n\nHP Color LaserJet 3600n\n J7973E\n V.30.31\n\nHP Color LaserJet 3800n\n J7949E\n V.28.XX\n\nHP Color LaserJet 4700n\n J7949E\n V.28.XX\n\nHP Color LaserJet CP4005n\n J7990E\n V.33.41\n\nHP LaserJet 2410/2420/2430n\n J7949E\n V.28.XX\n\nHP LaserJet P3005n\n J7979E\n V.33.55\n\nHP LaserJet 4240/4250n\n J7949E\n V.28.XX\n\nHP LaserJet 4350n\n J7949E\n V.28.XX\n\nHP LaserJet 5200n\n J7949E\n V.28.XX\n\nHP LaserJet 9040n/9050n\n J7949E\n V.28.XX\n\nHP Color LaserJet 4730 MFP\n J7949E\n V.28.XX\n\nHP Color LaserJet CM4730 MFP\n J7991E\n V.34.60\n\nHP LaserJet 9040/9050MFP\n J7949E\n V.28.XX\n\nHP LaserJet M3027/3035 MFP\n J7982E\n V.34.08\n\nHP LaserJet 4345 MFP\n J7949E\n V.28.XX\n\nHP LaserJet M4345x MFP\n J7982E\n V.34.08\n\nHP LaserJet M5025/5035 MFP\n J7982E\n V.34.08\n\nHP CM8050/8060 MFP\n J7974E\n V.34.40\n\nHP DS9200c Digital Sender\n J7949E\n V.28.XX\n\nHP DS9250c Digital Sender\n J7992E\n V.34.12\n\nHP LaserJet P4515\n J8003E\n V.36.35\n\nHP LaserJet P4015\n J8003E\n V.36.35\n\nHP LaserJet P4014\n J8006E\n V.36.35\n\nHP Color LaserJet CP6015\n J7993E\n V.36.35\n\nHP Color LaserJet 6040 MFP\n J7993E\n V.36.35\n\nHP LaserJet M9040/50 MFP\n J8004E\n V.36.35\n\nAffected Products - Embedded Web Server (EWS)\n\nProduct\n\nHP Color LaserJet 3000n\n\nHP Color LaserJet CP3505\n\nHP Color LaserJet 3600n\n\nHP Color LaserJet 3800n\n\nHP Color LaserJet 4700n\n\nHP Color LaserJet CP4005n\n\nHP LaserJet 2410/2420/2430n\n\nHP LaserJet P3005n\n\nHP LaserJet 4240/4250n\n\nHP LaserJet 4350n\n\nHP LaserJet 5200n\n\nHP LaserJet 9040n/9050n\n\nHP Color LaserJet 4730 MFP\n\nHP Color LaserJet CM4730 MFP\n\nHP LaserJet 9040/9050MFP\n\nHP LaserJet M3027/3035 MFP\n\nHP LaserJet 4345 MFP\n\nHP LaserJet M4345x MFP\n\nHP LaserJet M5025/5035 MFP\n\nHP CM8050/8060 MFP\n\nHP DS9200c Digital Sender\n\nHP DS9250c Digital Sender\n\nHP LaserJet P4515\n\nHP LaserJet P4015\n\nHP LaserJet P4014\n\nHP Color LaserJet CP6015\n\nHP Color LaserJet 6040 MFP\n\nHP LaserJet M9040/50 MFP\n\nNote: For further information on Secure Printing and Imaging please refer to http://www.hp.com/go/secureprinting\n\nRESOLUTION\n\nThe following steps can be taken to limit the exposure to the XSS vulnerabilities. \n\nset the administrator password\nuse a new browser instance for administrator tasks\ndo not access other web sites while performing administrator tasks\nexit the browser when administrator tasks are complete\n\nPRODUCT SPECIFIC INFORMATION\nNone\n\nHISTORY\nVersion:1 (rev.1) - 7 October 2009 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (HP-UX)\n\niEYEARECAAYFAkrMkcsACgkQ4B86/C0qfVkloACeJjXFqi/GNPBY7Z/Zn5bkBchG\nRhUAoInJdnRoqTTCkgJqrss2Etcz9ool\n=xes/\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nKSP Sound Player \"m3u\" Playlist Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA36621\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36621/\n\nDESCRIPTION:\nhack4love has discovered a vulnerability in KSP Sound Player, which\ncan be exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to a boundary error in the processing\nof \"m3u\" files. This can be exploited to cause a stack-based buffer\noverflow when a user is tricked into opening a specially crafted\n\"m3u\" playlist file containing an overly long entry. \n\nSuccessful exploitation allows execution of arbitrary code. \n\nSOLUTION:\nDo not open files from untrusted sources. \n\nPROVIDED AND/OR DISCOVERED BY:\nhack4love\n\nORIGINAL ADVISORY:\nhttp://milw0rm.com/exploits/9624\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nInput passed via the \"Product_URL\" and \"Tech_URL\" parameters to\nsupport_param.html/config is not properly sanitised before being\nused. \n\nSOLUTION:\nFilter malicious characters and character sequences in a web proxy. \n\nSee the vendor\u0027s advisory for recommended workarounds. \n\n\nDetails\n*******\n\nMultiple Linked Stored XSS vulnerabilities found in script support_param.html/config\n\nAttacker can inject XSS in parameters \"Product_URL\" and \"Tech_URL\". \n\nhttp://dsecrg.ru/pages/vul/show.php?id=148\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01841397\n\n\nAbout\n*****\n\nDigital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website. \n\n\nContact: research [at] dsecrg [dot] com\n http://www.dsecrg.com\n \n\n\n\n\n\n\n\n\nPolyakov Alexandr\nInformation Security Analyst\n______________________\nDIGITAL SECURITY\nphone: +7 812 703 1547\n +7 812 430 9130\ne-mail: a.polyakov@dsec.ru \nwww.dsec.ru\n\n\n-----------------------------------\nThis message and any attachment are confidential and may be privileged or otherwise protected \nfrom disclosure. If you are not the intended recipient any use, distribution, copying or disclosure \nis strictly prohibited. If you have received this message in error, please notify the sender immediately \neither by telephone or by e-mail and delete this message and any attachment from your system. Correspondence \nvia e-mail is for information purposes only. Digital Security neither makes nor accepts legally binding \nstatements by e-mail unless otherwise agreed. \n----------------------------------- \n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2684"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004860"
},
{
"db": "BID",
"id": "36613"
},
{
"db": "PACKETSTORM",
"id": "81861"
},
{
"db": "PACKETSTORM",
"id": "81236"
},
{
"db": "PACKETSTORM",
"id": "81902"
},
{
"db": "PACKETSTORM",
"id": "81867"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2684",
"trust": 2.9
},
{
"db": "BID",
"id": "36613",
"trust": 1.3
},
{
"db": "SECUNIA",
"id": "36969",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-2850",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004860",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "36621",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "9624",
"trust": 0.7
},
{
"db": "OSVDB",
"id": "57983",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "9624",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200910-193",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "81861",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81236",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81902",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81867",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "36613"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004860"
},
{
"db": "PACKETSTORM",
"id": "81861"
},
{
"db": "PACKETSTORM",
"id": "81236"
},
{
"db": "PACKETSTORM",
"id": "81902"
},
{
"db": "PACKETSTORM",
"id": "81867"
},
{
"db": "NVD",
"id": "CVE-2009-2684"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-193"
}
]
},
"id": "VAR-200910-0280",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3677001075
},
"last_update_date": "2023-12-18T12:11:29.250000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBPI02463 SSRT090061",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c01841397"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004860"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004860"
},
{
"db": "NVD",
"id": "CVE-2009-2684"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "http://dsecrg.com/pages/vul/show.php?id=148"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=125493484205823\u0026w=2"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/36969"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/507038/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/36613"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2009/2850"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53677"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2684"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2684"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/9624"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/36621"
},
{
"trust": 0.6,
"url": "http://osvdb.org/57983"
},
{
"trust": 0.3,
"url": " http://www.phptoys.com/product/micro-news.html"
},
{
"trust": 0.3,
"url": "/archive/1/507038"
},
{
"trust": 0.3,
"url": "/archive/1/507033"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2684"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01841397"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/secureprinting"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/36621/"
},
{
"trust": 0.1,
"url": "http://milw0rm.com/exploits/9624"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/36969/"
},
{
"trust": 0.1,
"url": "http://dsecrg.ru/pages/vul/show.php?id=148"
},
{
"trust": 0.1,
"url": "http://[server]/support_param.html/config?admin_name=\u0026admin_phone=\u0026product_url=[xss]\u0026tech_url=[xss]\u0026apply=apply"
},
{
"trust": 0.1,
"url": "http://www.hp.com/"
},
{
"trust": 0.1,
"url": "https://www.dsec.ru"
},
{
"trust": 0.1,
"url": "http://www.dsecrg.com"
}
],
"sources": [
{
"db": "BID",
"id": "36613"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004860"
},
{
"db": "PACKETSTORM",
"id": "81861"
},
{
"db": "PACKETSTORM",
"id": "81236"
},
{
"db": "PACKETSTORM",
"id": "81902"
},
{
"db": "PACKETSTORM",
"id": "81867"
},
{
"db": "NVD",
"id": "CVE-2009-2684"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-193"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "36613"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004860"
},
{
"db": "PACKETSTORM",
"id": "81861"
},
{
"db": "PACKETSTORM",
"id": "81236"
},
{
"db": "PACKETSTORM",
"id": "81902"
},
{
"db": "PACKETSTORM",
"id": "81867"
},
{
"db": "NVD",
"id": "CVE-2009-2684"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-193"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-10-07T00:00:00",
"db": "BID",
"id": "36613"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004860"
},
{
"date": "2009-10-08T01:48:47",
"db": "PACKETSTORM",
"id": "81861"
},
{
"date": "2009-09-14T05:28:47",
"db": "PACKETSTORM",
"id": "81236"
},
{
"date": "2009-10-12T11:22:25",
"db": "PACKETSTORM",
"id": "81902"
},
{
"date": "2009-10-08T01:58:53",
"db": "PACKETSTORM",
"id": "81867"
},
{
"date": "2009-10-13T10:30:00.280000",
"db": "NVD",
"id": "CVE-2009-2684"
},
{
"date": "2009-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-193"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-10-07T22:19:00",
"db": "BID",
"id": "36613"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004860"
},
{
"date": "2018-10-10T19:41:38.577000",
"db": "NVD",
"id": "CVE-2009-2684"
},
{
"date": "2009-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-193"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200910-193"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP LaserJet upper Jetdirect Cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004860"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "81861"
},
{
"db": "PACKETSTORM",
"id": "81902"
},
{
"db": "PACKETSTORM",
"id": "81867"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-193"
}
],
"trust": 0.9
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.