|
Family: Misc. --> Category: infos
Xerox DocuCentre / WorkCentre Postscript Directory Traversal Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks model number / software version of Xerox DocuCentre and WorkCentre devices
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is prone to a directory traversal attack.
Description :
According to its model number and software versions, the remote host
is a Xerox Document Centre or WorkCentre device in which the
PostScript interpreter may allow unauthorized access to the underlying
directory structure. Using a specially crafted PostScript file, an
attacker can exploit this flaw and gain access to sensitive files on
the affected device, including its encrypted password file.
See also :
http://www.xerox.com/downloads/usa/en/c/CERT_Xerox_Security_XRX05_001.pdf
http://www.xerox.com/downloads/usa/en/c/CERT_Xerox_Security_XRX04-10.pdf
http://www.xerox.com/downloads/usa/en/c/CERT_Xerox_Security_XRX04-05.pdf
http://www.xerox.com/downloads/usa/en/c/CERT_Xerox_Security_XRX04-03.pdf
Solution :
Apply the appropriate patches as described in the Xerox security
bulletins.
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:L/Au:NR/C:C/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|