Technical Description

Multiple vulnerabilities were identified in Xerox WorkCentre Pro MicroServer Web Server, which could be exploited by malicious users to conduct cross site scripting and denial of service attacks or gain unauthorized access.

The first issue is due to an unspecified error in the authentication procedure, which could be exploited by attackers to gain unauthorized access.

The second flaw is due to an error when processing specially crafted HTTP requests, which could be exploited by attackers to gain unauthorized access or cause a denial of service.

The third vulnerability is due to an input validation error when processing specially crafted parameters, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser.

Affected Products

Xerox WorkCentre Pro C2128 / C2636 / C3545 versions 0.001.04.044 through 0.001.04.504.

Solution

Apply the patch :
http://www.xerox.com/downloads/usa/en/c/cert_P22_NIAP_WCP_C_Only.zip

References

http://www.vupen.com/english/advisories/2005/1009
http://www.xerox.com/downloads/usa/en/c/cert_XRX05_006.pdf

Credits

Vulnerabilities reported by the vendor

ChangeLog

2005-07-07 : Initial release
2005-07-14 : Updated CVE

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.