| Vulnerability Name: | CCN-1431 |
| Published: | 1998-12-10 |
| Updated: | 1998-12-10 |
| Summary: | Older TCP/IP implementations on HP JetDirect cards and servers are vulnerable to denial of service (DoS) attacks that require power cycling the server or the printer to recover.
The single-threaded nature of the older JetDirect interface prevents other ports from being accessed whenever one of the JetDirect access ports is occupied. When the device is receiving lpd data, it is unavailable to lpq/lpstat queries. If anything goes wrong in this single-threaded interface, all access can be denied to the printer. Newer JetDirect interfaces feature a Web interface for configuration, access, and control. Because the interface does not use SSL encryption, the potential exists for exposing sensitive information, such as administrative passwords and configuration information, to sniffing attacks. |
| CVSS v3 Severity: | |
| CVSS v2 Severity: | |
| Vulnerability Consequences: | Denial of Service |
| References: | Source: CCN Type: Internet Security Systems Security Alert #15 HP JetDirect TCP/IP problems Source: XF Type: UNKNOWN hp-jetdirect-tcpip(1431) |
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable |
| BACK | |