|
 |
|
Xerox Document Centre Web Server Unauthorised Access Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA14556
|
|
|
Release Date:
|
2005-03-11
|
|
Last Update:
|
2005-06-15
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Xerox Document Centre
|
|
| | CVE reference: | CVE-2005-1936 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
A vulnerability has been reported in Xerox Document Centre, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an unspecified error in the web server on the ESS/ Network Controller making it possible to gain unauthorised access to the device.
Successful exploitation allows manipulation of the system configuration.
The vulnerability affects the following products:
* Document Centre 535/545/555 (version 27.18.017 or prior)
* Document Centre 460/470/480/490 (versions 19.01.037 through 19.05.521 and versions 19.5.902 through 19.5.912)
* Document Centre 420/426/432/440 (with ESS 2.1.2 through 2.3.21)
* Document Centre 425/432/440 (with ESS 3.0.5.4 through 3.2.30)
* Document Centre 430 (with ESS 3.3.23 through 3.3.30)
* Document Centre 240/255/265 (versions 18.01 through 18.6.81)
Solution:
Apply patch:
http://www.xerox.com/downloads/usa/en/c/cert_P16_DCAccess_Patch.zip
Provided and/or discovered by:
Juha-Matti Laurio
Changelog:
2005-03-17: Updated credits.
2005-06-15: Added CVE reference.
Original Advisory:
http://www.xerox.com/downloads/usa/en/c/cert_XRX05_003.pdf
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
3 Related Secunia Security Advisories
|
|
|
1. Xerox ESS/ Network Controller and MicroServer "WebUI" Vulnerability
|
|
2. Xerox Document Centre MicroServer Web Server Vulnerabilities
|
|
3. Xerox MicroServer Web Server URL Handling Denial of Service
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
