@RISK: The Consensus Security Vulnerability Alert
Week 2 2012



This is a weekly newsletter that provides in-depth analysis of
the latest vulnerabilities with straightforward remediation advice. Qualys
supplies a large part of the newly-discovered vulnerability content used in
this newsletter.

@RISK: The Consensus Security Vulnerability Alert

Week 2 2012

Summary of Updates and Vulnerabilities in this Consensus

Platform                        Number of Updates and Vulnerabilities

Other Microsoft Products 1 (#1)
Windows 4 (#1)
Other Microsoft Products 2
Third Party Windows Apps 2
Linux 1
Cross Platform 8 (#2,#3,#4)
Web Application - Cross Site Scripting 1
Web Application 7
Hardware 1


Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) HIGH: Microsoft Products Multiple Security Vulnerabilities
(2) HIGH: Adobe Multiple Security Vulnerabilities
(3) HIGH: Apache Struts Multiple Security Vulnerabilities
(4) MEDIUM: Google Chrome Multiple Security Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

-- Windows
12.2.1 - Microsoft Windows Kernel SafeSEH Security Bypass
12.2.2 - Microsoft Windows CSRSS Local Privilege Escalation
12.2.3 - Microsoft Windows ClickOnce Application Installer Remote Code Execution
12.2.4 - Microsoft Windows Object Packager Remote Code Execution
-- Other Microsoft Products
12.2.5 - Microsoft AntiXSS Library Sanitization Module Security Bypass
12.2.6 - Microsoft Windows Media Player Remote Code Execution
- - -- Third Party Windows Apps
12.2.7 - Siemens Tecnomatix FactoryLink ActiveX Arbitrary File Overwrite
12.2.8 - Hitachi Multiple IT Operations Products Unspecified Cross-Site Scripting
-- Linux
12.2.9 - Super Remote Buffer Overflow
-- Cross Platform
12.2.10  - Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
12.2.11  - OpenSSL Multiple Vulnerabilities
12.2.12  - Google Chrome Multiple Security Vulnerabilities
12.2.13  - FFmpeg Multiple Remote Vulnerabilities
12.2.14  - GnuTLS DTLS Information Disclosure
12.2.15  - ZNC "bouncedcc" Module Remote Denial of Service
12.2.16  - Adobe Acrobat and Reader Multiple Vulnerabilities
12.2.17  - PowerDNS Authoritative Server Remote Denial of Service
-- Web Application - Cross Site Scripting
12.2.18  - IBM Cognos TM1 Executive Viewer Multiple Cross-Site Scripting Vulnerabilities
-- Web Application
12.2.19  - IBM WebSphere Application Server Community Edition Tomcat Container Denial Of Service
12.2.20  - Yaws Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
12.2.21  - Moodle "/calendar/set.php" HTTP Response Splitting
12.2.22  - ImpressCMS Cross-Site Scripting and Local File Include Vulnerabilities
12.2.23  - PHPIDS ReDoS Filters Security Bypass
12.2.24  - eFront "download" Parameter Directory Traversal
12.2.25  - dl Download Ticket Service Authentication Bypass
-- Hardware
12.2.26  - HP LaserJet Printers Directory Traversal

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of HP, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/risk/#process

(1) HIGH: Microsoft Products Multiple Security Vulnerabilities
Affected
Microsoft Office
Microsoft Windows Media Player

Description As part of its patch Tuesday program, Microsoft has
released patches addressing multiple security vulnerabilities in its
products. Patches for Microsoft Office address two problems with the
Windows Object Packager, which is responsible for checking for unsafe
objects embedded in Office files. The problem involves ClickOnce files,
which are self-updating executables that are designed to be installed
and run with minimal user interaction. Because these files are not
considered unsafe by Windows Object Packager, they can be embedded into
Office files. Another patch addresses an improper registry key used by
Windows Object Package manager. By enticing a target to open a malicious
file, an attacker can use either of these vulnerabilities to execute
arbitrary code on a target's machine without any other interaction on
the part of the target. Two vulnerabilities affecting Windows Media
Player have also been addressed. By enticing a target to view a
malicious MIDI or DirectShow file, an attacker can exploit these
vulnerabilities in order to execute arbitrary code on the target's
machine.

Status vendor confirmed, updates available

References
Vendor Site
http://www.microsoft.com
Microsoft Security Bulletins
http://technet.microsoft.com/en-us/security/bulletin/ms12-002
http://technet.microsoft.com/en-us/security/bulletin/ms12-005
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/51284
http://www.securityfocus.com/bid/51292
http://www.securityfocus.com/bid/51295
http://www.securityfocus.com/bid/51297

(2) HIGH: Adobe Multiple Security Vulnerabilities
Affected
Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh

Description Adobe has released patches for multiple unspecified
security vulnerabilities and a signedness error in a component of Adobe
Reader responsible for parsing BMP images. By enticing a target to view
a malicious file, an attacker can exploit these vulnerabilities in order
to corrupt memory and possibly execute arbitrary code on a target's
machine.

Status vendor confirmed, updates available

References
Vendor Site
http://www.adobe.com
Adobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb12-01.html
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/51348
http://www.securityfocus.com/bid/51349
http://www.securityfocus.com/bid/51350
http://www.securityfocus.com/bid/51351

(3) HIGH: Apache Struts Multiple Security Vulnerabilities
Affected

Description Apache has released a patch addressing multiple security
vulnerabilities in its Struts web application server. Struts is used to
serve Java servlets, which are web applications written in Java. One
vulnerability involves a problem in Strut's reporting during exception
handling, when user-supplied parameter values are evaluated as OGNL
expressions. OGNL, an expression language for Java, allows for only a
subset of Java to be used, but this is still enough for arbitrary code
execution. Another vulnerability involves unsafe evaluation of cookie
names, which can be used by an attacker to access static methods. By
sending a malicious request, an attacker can exploit these
vulnerabilities in order to execute arbitrary code on a target's
machine.

Status vendor confirmed, updates available

References
Vendor Site
http://www.apache.org
Apache Security Bulletin
http://struts.apache.org/2.x/docs/s2-008.html

(4) MEDIUM: Google Chrome Multiple Security Vulnerabilities
Affected
Google Chrome prior to 16.0.912.75

Description Google has released a patch addressing multiple security
vulnerabilities affecting its Chrome web browser. The vulnerabilities
include a use-after-free issue in animation frames, a heap buffer
overflow in libxml, and a stack-buffer overflow in glyph handling.
Google has not provided technical information for these vulnerabilities,
but because they are related HIGH, it is likely that some of them can
be exploited to execute arbitrary code on a target's machine. To do so,
an attacker would have to entice the target to view a malicious site.

Status vendor confirmed, updates available

References
Vendor Site
http://www.google.com
Google Stable Channel Updates
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/51300

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 13008 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.

12.2.1 CVE CVE-2012-0001
Platform Windows
Title Microsoft Windows Kernel SafeSEH Security Bypass
Description Microsoft Windows is exposed to a security bypass issue
that affects the "Ntdll.dll" component. Specifically, this issue
occurs due to the way the Windows kernel loads a structured exception
handling table into the "Load Configuration" PE header during binary
execution. x64-based editions of Windows XP and all supported editions
of Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7
and Windows Server 2008 R2 are affected.
Ref http://technet.microsoft.com/en-us/security/bulletin/MS12-001

12.2.2 CVE CVE-2012-0005
Platform Windows
Title Microsoft Windows CSRSS Local Privilege Escalation
Description Microsoft Windows is exposed to a local
privilege escalation issue that exists in the Client/Server Run time
Subsystem. Specifically, this issue occurs when processing a
sequence of specially crafted Unicode characters. All supported
editions of Windows XP, Windows Server 2003, Windows Vista and Windows
Server 2008 are affected.
Ref http://technet.microsoft.com/en-us/security/bulletin/MS12-003

12.2.3 CVE CVE-2012-0013
Platform Windows
Title Microsoft Windows ClickOnce Application Installer Remote Code
Execution
Description Microsoft Windows is exposed to a remote code execution
issue. This issue occurs because the ClickOnce application file type
is not included in the Windows Packager unsafe file type list. This
will allow attackers to embed ClickOnce applications into Microsoft
Office documents. All supported releases of Microsoft Windows are
affected.
Ref http://technet.microsoft.com/en-us/security/bulletin/MS12-005

12.2.4 CVE CVE-2012-0009
Platform Windows
Title Microsoft Windows Object Packager Remote Code Execution
Description Microsoft Windows is exposed to a remote code execution
issue. This issue occurs because the application fails to properly
register and implement the Windows Object Packager. All supported
editions of Windows XP and Windows Server 2003 are affected.
Ref http://technet.microsoft.com/en-us/security/bulletin/MS12-002

12.2.5 CVE CVE-2012-0007
Platform Other Microsoft Products
Title Microsoft AntiXSS Library Sanitization Module Security Bypass
Description Microsoft Anti-Cross Site Scripting Library (AntiXSS) is
an encoding library designed to protect ASP.NET web-based applications
from XSS attacks. The library is exposed to a security bypass issue
that affects the sanitization module. This occurs because the library
fails to properly sanitize specially crafted HTML. Microsoft
Anti-Cross Site Scripting Library version 3.x and 4.0 are vulnerable.
Ref http://technet.microsoft.com/en-us/security/bulletin/MS12-007

12.2.6 CVE CVE-2012-0003,CVE-2012-0004
Platform Other Microsoft Products
Title Microsoft Windows Media Player Remote Code Execution
Description Microsoft Windows Media Player is a multimedia
application available for the Windows operating system. The
application is exposed to a remote code execution issue when handling
specially crafted media content. Specifically, the issue affects the
windows multimedia library ("winmm.dll") when parsing a
specially crafted MIDI file. All supported editions of Windows XP,
Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008,
Windows Server 2008 R2, Windows XP Media Center Edition 2005 Service
Pack 3 and Windows Media Center TV Pack for Windows Vista are affected.
Ref http://technet.microsoft.com/en-us/security/bulletin/MS12-004

12.2.7 CVE CVE-2011-4056
Platform Third Party Windows Apps
Title Siemens Tecnomatix FactoryLink ActiveX Arbitrary File Overwrite
Description Siemens Tecnomatix FactoryLink is Supervisory Control and
Data Acquisition software. The application is exposed to an
arbitrary file overwrite issue because it fails to properly sanitize
user-supplied input before saving files. Specifically, attackers can
save data to an arbitrary file, overwriting the current content.
Siemens Tecnomatix FactoryLink V8.0.2.54, V7.5.217 (V7.5 SP2) and
V6.6.1 (V6.6 SP1) are affected.
Ref http://www.us-cert.gov/control_systems/pdf/ICSA-11-343-01.pdf
http://www.securityfocus.com/bid/51267/references

12.2.8 CVE Not Available
Platform Third Party Windows Apps
Title Hitachi Multiple IT Operations Products Unspecified Cross-Site
Scripting
Description Hitachi IT Operations Director offers an all-in-one
solution focused on key IT lifecycle management functions. Hitachi IT
Operations Analyzer is software that monitors IT Infrastructure
availability and performance. The two Products are exposed to an
unspecified cross-site scripting issue because they fail to properly
sanitize user-supplied input. Hitachi IT Operations Director 02-50-01
to 02-50-07, 03-00 to 03-00-04, Hitachi IT Operations Analyzer 02-01,
02-51 to 02-51-01 and 02-53 to 02-53-02 are affected.
Ref
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-001/index.html

12.2.9 CVE CVE-2011-2776
Platform Linux
Title Super Remote Buffer Overflow
Description Super is a Linux package used to allow users to execute
scripts and commands as if they were root. The application is exposed
to a remote buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied data before copying it to an
insufficiently sized buffer. Specifically, the issue affects the
syslog logging code. Super 3.30.0-2 is vulnerable and other versions
may also be affected.
Ref http://www.securityfocus.com/bid/51319/references
http://packages.debian.org/source/lenny/super

12.2.10 CVE Not Available
Platform Cross Platform
Title Apache Struts Remote Command Execution and Arbitrary File
Overwrite Vulnerabilities
Description Apache Struts is a framework for building Web
applications. The framework is exposed to multiple issues. A remote
command execution issue affects the "CookieInterceptor" class because
the application fails to restrict access to certain static methods
when handling cookie names. An arbitrary file overwrite issue
exists because the "ParameterInterceptor" fails to properly sanitize
user-supplied input before creating files. Versions prior to Apache
Struts 2.3.1.1 are vulnerable and other versions may also be affected.
Ref http://struts.apache.org/2.x/docs/s2-008.html

12.2.11 CVE
CVE-2012-0027,CVE-2011-4619,CVE-2011-4577,CVE-2011-4576,CVE-2011-4109,CVE-2011-4108
Platform Cross Platform
Title OpenSSL Multiple Vulnerabilities
Description OpenSSL is an open-source implementation of the SSL
protocol, which is used by a number of other projects. OpenSSL is
exposed to multiple issues. An information disclosure issue affects the
CBC mode encryption of Datagram Transport Layer Security (DTLS).  A
memory corruption issue occurs due to a double-free condition in policy
checks while using X509_V_FLAG_POLICY_CHECK. An information disclosure
issue exists.  Specifically, in each record, up to 15 bytes of
uninitialized memory is encrypted and sent to the SSL peer. The issue
exists because the library does not properly clear the bytes used as
block cipher padding in SSL 3.0 records. A denial of service issue
occurs due to an assertion failure when handling specially crafted RFC
3779 data in certificates. 5) A denial of service issue affects the
support for handshake restarts for server gated cryptography (SGC). A
denial of service issue affects the GOST ENGINE when processing
specially crafted GOST parameters. Successful exploitation of these
issues will cause the server to crash due to lack of error checking.
OpenSSL versions 1.0.0x before 1.0.0f or 0.9.8x before 0.9.8s are
affected.
Ref http://www.openssl.org/news/secadv_20120104.txt
http://www.securityfocus.com/bid/51281/references

12.2.12 CVE CVE-2011-3922,CVE-2011-3921,CVE-2011-3919
Platform Cross Platform
Title Google Chrome Multiple Security Vulnerabilities
Description Google Chrome is a web browser for multiple platforms.
The application is exposed to multiple security issues. A remote
memory corruption issue occurs due to a use-after-free error in
the animation frame. A buffer overflow issue occurs because it fails to
perform adequate boundary checks when handling "glyph" data.
A heap-based buffer overflow issue occurs because it fails to perform
adequate boundary checks on user-supplied data in the "libxml"
library. Versions prior to Chrome 16.0.912.75 are vulnerable.
Ref http://www.securityfocus.com/bid/51300/references
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3919
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3922
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3921
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html

12.2.13 CVE Not Available
Platform Cross Platform
Title FFmpeg Multiple Remote Vulnerabilities
Description FFmpeg is a multimedia player. The application is exposed
to multiple remote issues includinr multiple denial of service issues and
multiple NULL pointer dereference errors that can be exploited to
crash the application. FFmpeg versions prior to 0.9.1 are vulnerable.
Ref http://www.securityfocus.com/bid/51307/references
http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=n0.9.1

12.2.14 CVE CVE-2012-0390
Platform Cross Platform
Title GnuTLS DTLS Information Disclosure
Description GNU Transport Layer Security Library is a
library that implements the TLS 1.0 and SSL 3.0 protocols. The library
is exposed to an information disclosure issue that affects the CBC
mode encryption of Datagram Transport Layer Security.
Specifically, the issue exists due to timing differences in the
decryption process. Versions prior to 3.0.11 are vulnerable.
Ref http://www.gnu.org/software/gnutls/security.html
http://www.securityfocus.com/bid/51322/references

12.2.15 CVE Not Available
Platform Cross Platform
Title ZNC "bouncedcc" Module Remote Denial of Service
Description ZNC is a bouncer application for Internet Relay Chat.
The application is exposed to a remote denial of service issue
in the "bouncedcc" module. This issue affects the
"CBounceDCCMod:OnPrivCTCP()" function of the "modules/bouncedcc.cpp"
file. The issue affects ZNC 0.202 and other versions may also be
affected.
Ref
https://github.com/znc/znc/commit/11508aa72efab4fad0dbd8292b9614d9371b20a9#modules/bouncedcc.cpp

12.2.16 CVE CVE-2011-2462, CVE-2011-4369, CVE-2011-4370,
CVE-2011-4371, CVE-2011-4372, CVE-2011-4373
Platform Cross Platform
Title Adobe Acrobat and Reader Multiple Vulnerabilities
Description Adobe Reader and Acrobat are applications for handling
PDF files. The applications are exposed to multiple security issues.
See reference for detailed information. Adobe Reader X (10.1.1) and
earlier 10.x versions for Windows and Macintosh, Adobe Reader 9.4.7
and earlier 9.x versions for Windows, Adobe Reader 9.4.6 and earlier
9.x versions for Macintosh, Adobe Acrobat X (10.1.1) and earlier 10.x
versions for Windows and Macintosh, Adobe Acrobat 9.4.7 and earlier
9.x versions for Windows, Adobe Acrobat 9.4.6 and earlier 9.x versions
for Macintosh are affected.
Ref http://www.adobe.com/support/security/bulletins/apsb12-01.html

12.2.17 CVE CVE-2012-0206
Platform Cross Platform
Title PowerDNS Authoritative Server Remote Denial of Service
Description PowerDNS is a DNS nameserver available for various
platforms. The application is exposed to a remote denial of service
issue. This issue is due to design flaw in the way the authoritative
server responds to response packets. PowerDNS Authoritative Server
versions prior to 3.0.1 (with the exception of 2.9.22.5) are affected.
Ref http://wiki.powerdns.com/trac/changeset/2331
http://mailman.powerdns.com/pipermail/pdns-users/2012-January/008457.html
http://www.securityfocus.com/bid/51355/references

12.2.18 CVE Not Available
Platform Web Application - Cross Site Scripting
Title IBM Cognos TM1 Executive Viewer Multiple Cross-Site Scripting
Vulnerabilities
Description IBM Cognos TM1 Executive Viewer provides users with
Web-based access to information from online analytical processing
databases for analysis and reporting. The application is exposed to
multiple cross-site scripting issues because the application fails to
sufficiently sanitize user-supplied input to the "aspnet_client/" and
"evserver/createcontrol.js" script. IBM Cognos TM1 Executive Viewer
9.4 is vulnerable and other versions may also be affected.
Ref http://www-01.ibm.com/support/docview.wss?uid=swg1PM26682
http://xforce.iss.net/xforce/xfdb/72198

12.2.19 CVE Not Available
Platform Web Application
Title IBM WebSphere Application Server Community Edition Tomcat
Container Denial Of Service
Description IBM WebSphere Application Server Community Edition
is a web server. The application is exposed to a denial of service
issue. Specifically, this issue occurs because of an unspecified error
within the Tomcat container. Attackers can exploit this issue by
sending specially crafted requests with many parameters to the
vulnerable server. WebSphere Application Server Community Edition
v3.0.0.0, v2.1.x.x prior to 2.1.1.6 and v1.1.x.x are affected.
Ref http://www-01.ibm.com/support/docview.wss?uid=swg21577274
http://www-01.ibm.com/support/docview.wss?uid=swg21575700
http://www.securityfocus.com/bid/51345/references

12.2.20 CVE CVE-2011-5025
Platform Web Application
Title Yaws Multiple Cross-Site Scripting and HTML Injection
Vulnerabilities
Description Yaws is an application web server. The application is
exposed to multiple issues. Multiple cross-site scripting issues
affect the following scripts and parameters: "editTag.yaws" : "tag",
"showOldPage.yaws" : "index" and "allRefsToMe.yaws" : "node". An
HTML-injection issue affects an unknown parameter of the
"editPage.yaws" script. Yaws 1.88 is vulnerable and other versions may
be affected.
Ref http://www.securityfocus.com/bid/51276/references
https://sitewat.ch/Advisory/View/4
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5025

12.2.21 CVE CVE-2011-4203
Platform Web Application
Title Moodle "/calendar/set.php" HTTP Response Splitting
Description Moodle is a content manager for online courseware, it is
implemented in PHP. The application is exposed to an
HTTP response splitting issue because it fails to sufficiently
sanitize input submitted to the "$url" variable of the
"/calendar/set.php" script in the Calendar component before using it
in HTTP headers. Moodle 1.9.x versions prior to 1.9.15, 2.0.x versions
prior to 2.0.6, 2.1.x versions prior to 2.1.3 and 2.2 are affected.
Ref http://www.securityfocus.com/bid/51264/references
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4203

12.2.22 CVE Not Available
Platform Web Application
Title ImpressCMS Cross-Site Scripting and Local File Include
Vulnerabilities
Description ImpressCMS is a PHP-based e-commerce application. The
application is exposed to multiple input validation issues includeing
multiple cross-site scripting issues and a local file include issue that
affects the "icmsConfigPlugins[sanitizer_plugins]" parameter of the
"edituser.php" script. ImpressCMS 1.3 Final is vulnerable and other
versions may also be affected.
Ref http://www.securityfocus.com/archive/1/521112
http://community.impresscms.org/modules/smartsection/item.php?itemid=579

12.2.23 CVE CVE-2011-5021
Platform Web Application
Title PHPIDS ReDoS Filters Security Bypass
Description PHPIDS is a PHP-based web application. The application
is exposed to a security bypass issue. Specifically, the issue occurs
due to improper implementation of Regular Expression Denial of Service
filters. PHPIDS versions before 0.7 are affected.
Ref http://www.securityfocus.com/bid/51277/references
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5021
https://sitewat.ch/Advisory/View/7

12.2.24 CVE Not Available
Platform Web Application
Title eFront "download" Parameter Directory Traversal
Description eFront is a PHP-based e-learning application. The
application is exposed to a directory traversal issue because it fails
to sufficiently sanitize user-supplied input submitted to the
"download" parameter of the "student.php" script. eFront 3.6.10 is
vulnerable and other versions may also be affected.
Ref http://www.efrontlearning.net/download
http://www.securityfocus.com/bid/51302/references

12.2.25 CVE Not Available
Platform Web Application
Title dl Download Ticket Service Authentication Bypass
Description dl Download Ticket Service is a PHP-based ticket
management system. The application is exposed to an authentication
bypass issue because an attacker can log in as an arbitrary user by
forging an authorization header. dl Download Ticket Service 0.3 to 0.9
is vulnerable and other versions may also be affected.
Ref http://www.thregr.org/~wavexx/software/dl/NEWS.html
http://www.securityfocus.com/bid/51347/references

12.2.26 CVE CVE-2011-4785
Platform Hardware
Title HP LaserJet Printers Directory Traversal
Description HP LaserJet printers are network attached printers. The
devices are exposed to a directory traversal issue because they fail
to sufficiently sanitize user-supplied input. HP LaserJet P3015 with
firmware prior to 07.080.3 are affected.
Ref
http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03140700&ac.admitted=1326170524652.876444892.492883150

Qualys Solutions
Qualys Community
Free Tools & Trials
Free Trial

Nothing to install or download!

1 (800) 745 4355