{"api_version":"1","generated_at":"2026-04-23T17:15:14+00:00","cve":"CVE-2006-1654","urls":{"html":"https://cve.report/CVE-2006-1654","api":"https://cve.report/api/cve/CVE-2006-1654.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-1654","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-1654"},"summary":{"title":"CVE-2006-1654","description":"Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.","state":"PUBLISHED","assigner":"mitre","published_at":"2006-04-06 10:04:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.vupen.com/english/advisories/2006/1230","name":"http://www.vupen.com/english/advisories/2006/1230","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25627","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25627","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/19529","name":"http://secunia.com/advisories/19529","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"HP Color LaserJet 2500/4600 Toolbox Disclosure of Sensitive Information - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/24396","name":"http://www.osvdb.org/24396","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securityfocus.com/archive/1/429984/100/0/threaded","name":"http://www.securityfocus.com/archive/1/429984/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0085.html","name":"http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0085.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"Neohapsis Archives - Full Disclosure List - #0085 - [Full-disclosure] [SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/429893/100/0/threaded","name":"http://www.securityfocus.com/archive/1/429893/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1015862","name":"http://securitytracker.com/id?1015862","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"SecurityTracker.com Archives - HP Color LaserJet Toolbox Software Lets Remote Users View Files on the Target System","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/17367","name":"http://www.securityfocus.com/bid/17367","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"HP Color LaserJet 2500/4600 Toolbox Directory Traversal Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-1654","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-1654","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"1654","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"hp","cpe5":"color_laserjet","cpe6":"4600dn","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1654","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"hp","cpe5":"color_laserjet","cpe6":"4600dtn","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1654","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"hp","cpe5":"color_laserjet","cpe6":"4600hdn","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1654","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"hp","cpe5":"color_laserjet_2500","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1654","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"hp","cpe5":"color_laserjet_2500l","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1654","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"hp","cpe5":"color_laserjet_2500lse","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1654","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"hp","cpe5":"color_laserjet_2500n","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1654","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"hp","cpe5":"color_laserjet_2500tn","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1654","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hp","cpe5":"color_laserjet_2500_toolbox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1654","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"hp","cpe5":"color_laserjet_4600","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1654","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hp","cpe5":"color_laserjet_4600_toolbox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2006","cve_id":"1654","cve":"CVE-2006-1654","epss":"0.102700000","percentile":"0.931820000","score_date":"2026-04-19","updated_at":"2026-04-20 00:11:20"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T17:19:49.234Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"20060404 [SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/429984/100/0/threaded"},{"name":"24396","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/24396"},{"name":"17367","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/17367"},{"name":"20060404 [SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0085.html"},{"name":"hp-laserjet-toolbox-directory-traversal(25627)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25627"},{"name":"19529","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/19529"},{"name":"1015862","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1015862"},{"name":"HPSBPI2109","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://www.securityfocus.com/archive/1/429893/100/0/threaded"},{"name":"SSRT061141","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://www.securityfocus.com/archive/1/429893/100/0/threaded"},{"name":"ADV-2006-1230","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2006/1230"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2006-04-02T00:00:00.000Z","descriptions":[{"lang":"en","value":"Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-18T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"20060404 [SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/429984/100/0/threaded"},{"name":"24396","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/24396"},{"name":"17367","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/17367"},{"name":"20060404 [SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0085.html"},{"name":"hp-laserjet-toolbox-directory-traversal(25627)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25627"},{"name":"19529","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/19529"},{"name":"1015862","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1015862"},{"name":"HPSBPI2109","tags":["vendor-advisory","x_refsource_HP"],"url":"http://www.securityfocus.com/archive/1/429893/100/0/threaded"},{"name":"SSRT061141","tags":["vendor-advisory","x_refsource_HP"],"url":"http://www.securityfocus.com/archive/1/429893/100/0/threaded"},{"name":"ADV-2006-1230","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2006/1230"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-1654","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20060404 [SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/429984/100/0/threaded"},{"name":"24396","refsource":"OSVDB","url":"http://www.osvdb.org/24396"},{"name":"17367","refsource":"BID","url":"http://www.securityfocus.com/bid/17367"},{"name":"20060404 [SEC-1 LTD] HP Colour LaserJet 2500 and 4600 Toolbox Directory Traversal Vulnerability","refsource":"FULLDISC","url":"http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0085.html"},{"name":"hp-laserjet-toolbox-directory-traversal(25627)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25627"},{"name":"19529","refsource":"SECUNIA","url":"http://secunia.com/advisories/19529"},{"name":"1015862","refsource":"SECTRACK","url":"http://securitytracker.com/id?1015862"},{"name":"HPSBPI2109","refsource":"HP","url":"http://www.securityfocus.com/archive/1/429893/100/0/threaded"},{"name":"SSRT061141","refsource":"HP","url":"http://www.securityfocus.com/archive/1/429893/100/0/threaded"},{"name":"ADV-2006-1230","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/1230"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2006-1654","datePublished":"2006-04-06T10:00:00.000Z","dateReserved":"2006-04-06T00:00:00.000Z","dateUpdated":"2024-08-07T17:19:49.234Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2006-04-06 10:04:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hp:color_laserjet_2500_toolbox:*:*:*:*:*:*:*:*","matchCriteriaId":"2A304024-34D2-42C3-98F4-6BE6BEEEE380"},{"vulnerable":true,"criteria":"cpe:2.3:a:hp:color_laserjet_4600_toolbox:*:*:*:*:*:*:*:*","matchCriteriaId":"93C88DC2-EAE6-443A-BAF2-78943D1F88C5"},{"vulnerable":true,"criteria":"cpe:2.3:h:hp:color_laserjet:4600dn:*:*:*:*:*:*:*","matchCriteriaId":"B99CE20D-49C1-4F5B-9C38-9CAE666A291B"},{"vulnerable":true,"criteria":"cpe:2.3:h:hp:color_laserjet:4600dtn:*:*:*:*:*:*:*","matchCriteriaId":"43DEF370-33FF-427F-A18B-7256856F7231"},{"vulnerable":true,"criteria":"cpe:2.3:h:hp:color_laserjet:4600hdn:*:*:*:*:*:*:*","matchCriteriaId":"001EEE62-31B1-40AC-81BC-A75D75798887"},{"vulnerable":true,"criteria":"cpe:2.3:h:hp:color_laserjet_2500:*:*:*:*:*:*:*:*","matchCriteriaId":"C2E92501-3E8C-4E61-9B65-87A7344747E4"},{"vulnerable":true,"criteria":"cpe:2.3:h:hp:color_laserjet_2500l:*:*:*:*:*:*:*:*","matchCriteriaId":"16651605-4616-44F8-8401-8DD057932BBA"},{"vulnerable":true,"criteria":"cpe:2.3:h:hp:color_laserjet_2500lse:*:*:*:*:*:*:*:*","matchCriteriaId":"8ADB9132-CEF5-47A0-AC21-BE6B7F89B166"},{"vulnerable":true,"criteria":"cpe:2.3:h:hp:color_laserjet_2500n:*:*:*:*:*:*:*:*","matchCriteriaId":"CEB99C79-1DB4-4545-8457-515B1F9F484B"},{"vulnerable":true,"criteria":"cpe:2.3:h:hp:color_laserjet_2500tn:*:*:*:*:*:*:*:*","matchCriteriaId":"95B58AD8-F848-4286-8AB4-A8EA0372D5D2"},{"vulnerable":true,"criteria":"cpe:2.3:h:hp:color_laserjet_4600:*:*:*:*:*:*:*:*","matchCriteriaId":"A6A133B7-AEA8-4F26-8632-2CEDE9EBB66E"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"1654","Ordinal":"1","Title":"CVE-2006-1654","CVE":"CVE-2006-1654","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"1654","Ordinal":"1","NoteData":"Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.","Type":"Description","Title":"CVE-2006-1654"},{"CveYear":"2006","CveId":"1654","Ordinal":"2","NoteData":"2006-04-06","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"1654","Ordinal":"3","NoteData":"2018-10-18","Type":"Other","Title":"Modified"}]}}}