Xerox Document Centre security bypass

xerox-document-security-bypass (19661) The risk level is classified as HighHigh Risk

Description:

Xerox Document Centre could allow a remote attacker to bypass security, caused by an unspecified vulnerability in the Web server code on the ESS/Network Controller. A remote attacker could use this vulnerability to bypass security and gain unauthorized access to the Web server directory structure.


Consequences:

Bypass Security

Remedy:

Apply the P16_HTTP Access Patch DC4xx_5xx, as listed in XEROX Security Bulletin XRX05-003. See References.

References:

  • Xerox Office Customer Support Web page: Xerox Office Customer Support.
  • XEROX SECURITY BULLETIN XRX05-003: Vulnerability in the http server on the ESS/Network Controller.
  • BID-12783: Xerox Document Centre ESS/Network Controller Web Server Remote Authentication Bypass Vulnerability
  • CVE-2005-1936: Unknown vulnerability in the web server for the ESS/ Network Controller for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier allows attackers to gain unauthorized access.
  • SA14556: Xerox Document Centre Web Server Unauthorised Access Vulnerability
  • VUPEN/ADV-2005-0255: Xerox Document Centre Web Server Unauthorised Access Vulnerability

Platforms Affected:

  • Xerox Document Centre 220
  • Xerox Document Centre 230
  • Xerox Document Centre 240
  • Xerox Document Centre 255
  • Xerox Document Centre 265
  • Xerox Document Centre 332
  • Xerox Document Centre 340
  • Xerox Document Centre 420
  • Xerox Document Centre 425
  • Xerox Document Centre 426
  • Xerox Document Centre 430
  • Xerox Document Centre 432
  • Xerox Document Centre 440
  • Xerox Document Centre 460
  • Xerox Document Centre 470
  • Xerox Document Centre 480
  • Xerox Document Centre 490
  • Xerox Document Centre 535
  • Xerox Document Centre 545
  • Xerox Document Centre 555

Reported:

Mar 11, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page