VID 29115
Severity 30
Port 80, ...
Protocol TCP
Class Printer
Detailed Description The Xerox MicroServer Web server, according to its version number, is affected by a remote authentication bypass vulnerability. Xerox Document Centre and WorkCentre are color printers used for copying, printing, scanning, email, fax, and Internet fax. Multiple versions of Xerox Document Centre and WorkCentre could allow a remote attacker to bypass security restrictions because of an unspecified vulnerability in the Web server code on the ESS/Network Controller. A remote attacker could use this vulnerability to bypass security restrictions and gain unauthorized access to the Web server directory structure.

* Note: This check relies solely on the model number and software version number of the remote Xerox Document Centre or WorkCentre device, as extracted from its embedded Web server, to assess this vulnerability, so the result might be a false positive.

* References:
http://secunia.com/advisories/14556/
http://www.office.xerox.com/support/

* Platforms Affected:
Multiple versions of Xerox Document Centre and WorkCentre
Recommendation Apply the appropriate patches, as listed in the following Xerox security bulletins:
http://www.xerox.com/downloads/usa/en/c/cert_XRX05_003.pdf
http://www.xerox.com/downloads/usa/en/c/cert_XRX05_007.pdf
http://www.xerox.com/downloads/usa/en/c/CERT_Xerox_Security_XRX04-001.pdf
http://www.xerox.com/downloads/usa/en/c/CERT_Xerox_Security_XRX04-09.pdf
Related URL CVE-2005-1936 (CVE)
Related URL 12783 (SecurityFocus)
Related URL 19661 (ISS)