[VIM] Xerox, redundancy and being vague..
security curmudgeon
jericho at attrition.org
Fri Jul 22 20:13:36 EDT 2005
XRX05-006
http://www.xerox.com/downloads/usa/en/c/cert_XRX05_006.pdf
Background
There are multiple vulnerabilities in the web server code that
could allow unauthorized access to the web server including:
- Vulnerabilities that could bypass authentication.
- Specially constructed HTTP requests can cause denial of service or allow
unauthorized file access on an attacked machine.
- Cross-site scripting allowing contents of web pages to be modified in an
unauthorized manner.
WorkCentre Pro Color 2128/2636/3545 version 0.001.04.044 through
0.001.04.504
XRX05-007
http://www.xerox.com/downloads/usa/en/c/cert_XRX05_007.pdf
Background
There are multiple vulnerabilities in the web server code that
could allow unauthorized access to the web server including:
- Vulnerabilities that could bypass authentication.
- Specially constructed HTTP requests can cause denial of service or allow
unauthorized file access on an attacked machine.
- Cross-site scripting allowing contents of web pages to be modified in an
unauthorized manner.
WorkCentre M35/M45/M55 version 2.028.11.000 through 2.97.20.050 or version
4.84.16.000 through 4.97.20.050
WorkCentre Pro 35/45/55 version 3.028.11.000 through 3.97.20.050
WorkCentre Pro 65/75/90 version 1.001.00.060 through 1.001.02.706
WorkCentre Pro 32/40 Color version 0.001.00.060 through 0.001.02.707
WorkCentre M165/M175 version 6.47.30.000 through 6.57.32.008 or version
8.47.30.000 through 8.57.32.008
WorkCentre Pro 165/175 version 7.47.30.000 through 7.57.32.008
Wonder if they are cut and paste happy or if an identical set of vulns was
found a month later? Based on the version info, I'd hazard a guess that
the 006 vulns were found in the Color 2128/2636/3545 version, then
subsequently found in other products. Thoughts?