Details of VAR-200903-0381

ID

VAR-200903-0381

CVE

CVE-2009-0940

TITLE

HP LaserJet Printer , HP Edgeline Printer , and HP Digital Sender Run on HP Embedded Web Server (EWS) Multiple cross-site request forgery vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-001458

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config. Multiple HP printers are prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to change a device's configuration and perform other unauthorized actions. This issue affects HP LaserJet M1522n MFP and HP Color LaserJet 2605dtn. Other models in the LaserJet Printer, Edgeline Printer, and Digital Sender lines are also expected to be affected. The embedded WEB server of LaserJet series laser printer accepts the printing request sent on TCP port 9100 by default. If a user is tricked into visiting a website containing malicious code, it may lead to a cross-site request forgery attack and unauthorized changes to the printer network configuration or user password

Trust: 1.98

sources: NVD: CVE-2009-0940 // JVNDB: JVNDB-2009-001458 // BID: 34143 // VULHUB: VHN-38386

AFFECTED PRODUCTS

vendor:	hp	model:	laserjet 9050mfp	scope:	eq	version:	20080204_08.110.0	Trust: 1.6
vendor:	hp	model:	laserjet 9040mfp	scope:	eq	version:	20080204_08.110.0	Trust: 1.6
vendor:	hp	model:	laserjet 2430	scope:	eq	version:	20070410_08.112.3	Trust: 1.0
vendor:	hp	model:	laserjet 4000n	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 2200	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 2000	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet iid	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet m3035 mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1100	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4v\/mv	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 9040mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p2010	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4345mfp	scope:	eq	version:	20081211_09.131.1	Trust: 1.0
vendor:	hp	model:	color laserjet 2500n	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	9250c digital sender	scope:	eq	version:	-	Trust: 1.0
vendor:	hp	model:	laserjet 9065	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p2015	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 9050 mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 9500 mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4p\/mp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4200	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 2500tn	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 4700	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4350dtn	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 1500	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 4730 mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 2300dn	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 9000 mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 9040	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 9050mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p1005	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4si	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet m5025 mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1020	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p3000	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 5550	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 2430	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p2050	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 2605dtn	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p4014	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	edgeline printers	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 3700	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 2600c	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1300	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 5\/m\/n	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4100	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1018s	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p2030	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1018	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 2500l	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 9000mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4250	scope:	eq	version:	20080319_08.015.0	Trust: 1.0
vendor:	hp	model:	8100c digital sender	scope:	eq	version:	-	Trust: 1.0
vendor:	hp	model:	laserjet 4250	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4240n	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1005	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet m3027 mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 2500	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1022	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 4600	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 5200	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 3000	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 5000	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 2600n	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1320	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4240	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p4010	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 4650	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1160	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 4600dn	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 2500c	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p1505n	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1020 plus	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p2000	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 9040	scope:	eq	version:	20080204_08.110.0	Trust: 1.0
vendor:	hp	model:	laserjet 2200dtn	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 8500	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 4600dtn	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 8000	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 9500	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 2410	scope:	eq	version:	20070410_08.112.3	Trust: 1.0
vendor:	hp	model:	digital senders	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 5100	scope:	eq	version:	v.29.12	Trust: 1.0
vendor:	hp	model:	laserjet 1022n	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 9050	scope:	eq	version:	20080204_08.110.0	Trust: 1.0
vendor:	hp	model:	color laserjet 5500	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 2	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet m1522n mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 5si	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1022nw	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4m plus	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p1009	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 9500	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1012	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 8150	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1200	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet m5035 mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 4370mfp	scope:	eq	version:	20081211_46.211.2	Trust: 1.0
vendor:	hp	model:	laserjet 4345 mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p3005	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 2420	scope:	eq	version:	20070410_08.112.3	Trust: 1.0
vendor:	hp	model:	laserjet 4100mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 4600hdn	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 5000	scope:	eq	version:	r.25.47	Trust: 1.0
vendor:	hp	model:	laserjet 5m	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4050	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4l\/ml	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p1505	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 2400	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 5000	scope:	eq	version:	r.25.15	Trust: 1.0
vendor:	hp	model:	9200c digital sender	scope:	eq	version:	-	Trust: 1.0
vendor:	hp	model:	laserjet 2100	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p1000	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 8150dn	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1015	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 2300	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4200ln	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4000	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 5l	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color mfp cm8050	scope:	eq	version:	-	Trust: 1.0
vendor:	hp	model:	laserjet 4\/4m	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 9500mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 5100dtn	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 9500mfp	scope:	eq	version:	20070719_05.011.2	Trust: 1.0
vendor:	hp	model:	laserjet p1500	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4650dn	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 5100	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1010	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4100 mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p1006	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p1008	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 9000	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 5p\/mp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet iiip	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet ii	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p4015	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p4510	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4300	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p4500	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1000	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 2500lse	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet iiisi	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet p1007	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color mfp cm8060	scope:	eq	version:	-	Trust: 1.0
vendor:	hp	model:	laserjet iiid	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4200dtn	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	9100c digital sender	scope:	eq	version:	-	Trust: 1.0
vendor:	hp	model:	laserjet iip	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4350	scope:	eq	version:	20080319_08.015.0	Trust: 1.0
vendor:	hp	model:	laserjet iii	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4350	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 9055	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 1150	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 2500	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet m4345 mfp	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	color laserjet 8550	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet iip plus	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 4 plus\/m plus	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 9050	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 5	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 500 plus	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	laserjet 8100	scope:	eq	version:	*	Trust: 1.0
vendor:	hewlett packard	model:	hp color laserjet	scope:	eq	version:	1500 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp color laserjet	scope:	eq	version:	2500 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp color laserjet	scope:	eq	version:	2605 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp color laserjet	scope:	eq	version:	4370 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp color laserjet	scope:	eq	version:	4600 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp color laserjet	scope:	eq	version:	4650 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp color laserjet	scope:	eq	version:	4700 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp color laserjet	scope:	eq	version:	4730 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp color laserjet	scope:	eq	version:	5500 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp color laserjet	scope:	eq	version:	5550 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp color laserjet	scope:	eq	version:	8500 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp color laserjet	scope:	eq	version:	8550 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp color laserjet	scope:	eq	version:	9500 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp color laserjet	scope:	eq	version:	printer	Trust: 0.8
vendor:	hewlett packard	model:	hp color mfp products	scope:	eq	version:	cm8050	Trust: 0.8
vendor:	hewlett packard	model:	hp color mfp products	scope:	eq	version:	cm8060	Trust: 0.8
vendor:	hewlett packard	model:	hp digital sender	scope:	eq	version:	none	Trust: 0.8
vendor:	hewlett packard	model:	hp digital sender	scope:	eq	version:	8100	Trust: 0.8
vendor:	hewlett packard	model:	hp digital sender	scope:	eq	version:	9100	Trust: 0.8
vendor:	hewlett packard	model:	hp digital sender	scope:	eq	version:	9200	Trust: 0.8
vendor:	hewlett packard	model:	hp digital sender	scope:	eq	version:	9250	Trust: 0.8
vendor:	hewlett packard	model:	hp edgeline printer	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	1000 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	1005 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	1010 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	1012 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	1015 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	1018 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	1020 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	1022 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	1100 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	1150 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	1160 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	1200 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	1300 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	1320 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	2 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	2000 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	2100 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	2200 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	2300 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	2400 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	2410 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	2430 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	2500 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	2600 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	3 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	3000 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	3700 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	4 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	4000 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	4050 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	4100 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	4200 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	4240 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	4250 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	4300 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	4345 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	4350 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	4650 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	5 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	500 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	5000 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	5100 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	5200 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	8000 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	8100 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	8150 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	9000 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	9040 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	9050 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	9055 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	9065 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	9500 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	m1522 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	m3027 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	m3035 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	m4345 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	m5025 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	m5035 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p1000 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p1005 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p1006 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p1007 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p1008 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p1009 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p1500 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p1505 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p2000 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p2010 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p2015 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p2030 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p2050 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p3000 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p3005 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p4010 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p4014 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p4015 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p4500 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	p4510 printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	printer	Trust: 0.8
vendor:	hewlett packard	model:	hp laserjet	scope:	eq	version:	printer series2	Trust: 0.8
vendor:	hp	model:	laserjet 9055	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	laserjet m5035 mfp	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	laserjet 9065	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	laserjet m5025 mfp	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	laserjet 9050mfp	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	laserjet 9500	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	laserjet 9050	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	laserjet p2000	scope:	-	version:	-	Trust: 0.6
vendor:	hp	model:	laserjet m1522n mfp	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	embedded web server	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	edgeline printer	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	digital sender	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	color laserjet 2605dtn	scope:	eq	version:	0	Trust: 0.3

sources: BID: 34143 // JVNDB: JVNDB-2009-001458 // CNNVD: CNNVD-200903-312 // NVD: CVE-2009-0940

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-0940
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-0940
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200903-312
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-38386
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-0940
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-38386
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-38386 // JVNDB: JVNDB-2009-001458 // CNNVD: CNNVD-200903-312 // NVD: CVE-2009-0940

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-38386 // JVNDB: JVNDB-2009-001458 // NVD: CVE-2009-0940

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200903-312

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-200903-312

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001458

PATCH

title:

c01684566

url:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566

Trust: 0.8

sources: JVNDB: JVNDB-2009-001458

EXTERNAL IDS

db:	NVD	id:	CVE-2009-0940	Trust: 2.5
db:	BID	id:	34143	Trust: 2.0
db:	VUPEN	id:	ADV-2009-0754	Trust: 1.7
db:	OSVDB	id:	52847	Trust: 1.7
db:	OSVDB	id:	52848	Trust: 1.7
db:	OSVDB	id:	52849	Trust: 1.7
db:	JVNDB	id:	JVNDB-2009-001458	Trust: 0.8
db:	CNNVD	id:	CNNVD-200903-312	Trust: 0.7
db:	HP	id:	HPSN-2009-001	Trust: 0.6
db:	BUGTRAQ	id:	20090316 HP LASERJET MULTIPLE MODELS WEB MANAGEMENT CSRF VULNERABILITY & INSECURE DEFAULT CONFIGURATION	Trust: 0.6
db:	VULHUB	id:	VHN-38386	Trust: 0.1

sources: VULHUB: VHN-38386 // BID: 34143 // JVNDB: JVNDB-2009-001458 // CNNVD: CNNVD-200903-312 // NVD: CVE-2009-0940

REFERENCES

url:	http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01684566	Trust: 2.0
url:	http://www.securityfocus.com/bid/34143	Trust: 1.7
url:	http://www.louhinetworks.fi/advisory/hp_20090317.txt	Trust: 1.7
url:	http://osvdb.org/52847	Trust: 1.7
url:	http://osvdb.org/52848	Trust: 1.7
url:	http://osvdb.org/52849	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/0754	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/501884/100/0/threaded	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0940	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0940	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/501884/100/0/threaded	Trust: 0.6
url:	http://www.phptoys.com/product/micro-news.html	Trust: 0.3
url:	/archive/1/501884	Trust: 0.3

sources: VULHUB: VHN-38386 // BID: 34143 // JVNDB: JVNDB-2009-001458 // CNNVD: CNNVD-200903-312 // NVD: CVE-2009-0940

CREDITS

Henri Lindberg henri.lindberg@louhi.fi

Trust: 0.6

sources: CNNVD: CNNVD-200903-312

SOURCES

db:	VULHUB	id:	VHN-38386
db:	BID	id:	34143
db:	JVNDB	id:	JVNDB-2009-001458
db:	CNNVD	id:	CNNVD-200903-312
db:	NVD	id:	CVE-2009-0940

LAST UPDATE DATE

2025-04-10T23:03:12.478000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-38386	date:	2018-10-10T00:00:00
db:	BID	id:	34143	date:	2009-03-17T17:16:00
db:	JVNDB	id:	JVNDB-2009-001458	date:	2009-06-30T00:00:00
db:	CNNVD	id:	CNNVD-200903-312	date:	2009-04-02T00:00:00
db:	NVD	id:	CVE-2009-0940	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-38386	date:	2009-03-18T00:00:00
db:	BID	id:	34143	date:	2009-03-17T00:00:00
db:	JVNDB	id:	JVNDB-2009-001458	date:	2009-06-30T00:00:00
db:	CNNVD	id:	CNNVD-200903-312	date:	2009-03-18T00:00:00
db:	NVD	id:	CVE-2009-0940	date:	2009-03-18T21:00:00.377