CVE-2009-0940
N/A
N/A
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.vupen.com/english/advisories/2009/0754
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566
- http://osvdb.org/52848
- http://www.securityfocus.com/bid/34143
- http://osvdb.org/52849
- http://www.securityfocus.com/archive/1/501884/100/0/threaded
- http://www.louhinetworks.fi/advisory/HP_20090317.txt
- http://osvdb.org/52847
References
- http://www.vupen.com/english/advisories/2009/0754
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566
- http://osvdb.org/52848
- http://www.securityfocus.com/bid/34143
- http://osvdb.org/52849
- http://www.securityfocus.com/archive/1/501884/100/0/threaded
- http://www.louhinetworks.fi/advisory/HP_20090317.txt
- http://osvdb.org/52847
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.