CVE-2005-1936
CVSS 7.5
Published: 2005-06-13 00:00:00
Last modified: 2011-03-07 21:23:06

[Original] Unknown vulnerability in the web server for the ESS/ Network Controller for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier allows attackers to "gain unauthorized access."


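[CNNVD] Xerox Document Centre ESS/Network Controller remote authentication bypass vulnerability (CNNVD-200506-114)

        An unknown vulnerability exists in the web server of the ESS/Network Controller software for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier. An attacker can gain unauthorized access.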

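- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]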

- CPE (affected platforms and products)

cpe:/h:xerox:document_centre_555    Xerox Document Centre 555
cpe:/h:xerox:document_centre_220    Xerox Document Centre 220
cpe:/h:xerox:document_centre_430    Xerox Document Centre 430
cpe:/h:xerox:document_centre_440    Xerox Document Centre 440
cpe:/h:xerox:document_centre_432    Xerox Document Centre 432
cpe:/h:xerox:document_centre_535    Xerox Document Centre 535
cpe:/h:xerox:document_centre_332    Xerox Document Centre 332
cpe:/h:xerox:document_centre_420    Xerox Document Centre 420
cpe:/h:xerox:document_centre_480    Xerox Document Centre 480
cpe:/h:xerox:document_centre_545    Xerox Document Centre 545
cpe:/h:xerox:document_centre_426    Xerox Document Centre 426
cpe:/h:xerox:document_centre_470    Xerox Document Centre 470
cpe:/h:xerox:document_centre_425    Xerox Document Centre 425
cpe:/h:xerox:document_centre_230    Xerox Document Centre 230
cpe:/h:xerox:document_centre_255    Xerox Document Centre 255
cpe:/h:xerox:document_centre_490    Xerox Document Centre 490
cpe:/h:xerox:document_centre_265    Xerox Document Centre 265
cpe:/h:xerox:document_centre_240    Xerox Document Centre 240
cpe:/h:xerox:document_centre_340    Xerox Document Centre 340
cpe:/h:xerox:document_centre_460    Xerox Document Centre 460

- OVAL (technical details for detection)

No related OVAL definitions found.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1936
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1936
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200506-114
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/19661
(PATCH)  XF  xerox-document-security-bypass(19661)
http://www.xerox.com/downloads/usa/en/c/cert_XRX05_003.pdf
(VENDOR_ADVISORY)  CONFIRM  http://www.xerox.com/downloads/usa/en/c/cert_XRX05_003.pdf
http://www.securityfocus.com/bid/12783
(PATCH)  BID  12783
http://secunia.com/advisories/14556
(VENDOR_ADVISORY)  SECUNIA  14556
http://www.vupen.com/english/advisories/2005/0255
(UNKNOWN)  VUPEN  ADV-2005-0255
http://www.osvdb.org/14659
(UNKNOWN)  OSVDB  14659

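- Vulnerability information

Xerox Document Centre ESS/Network Controller remote authentication bypass vulnerability
High risk  Access validation error
2005-06-13 00:00:00 2005-10-20 00:00:00
Remote
        An unknown vulnerability exists in the web server of the ESS/Network Controller software for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier. An attacker can gain unauthorized access.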

- Advisories and patches

        The vendor has released upgrade patches to fix this security issue. Patch download links:
        Xerox WorkCentre Pro 75 1.001.00.060
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox WorkCentre Pro 90
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox WorkCentre M35
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox WorkCentre Pro 35 3.028.11.000
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox WorkCentre M45 4.84.16.000
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox WorkCentre Pro 45 1.02.378.1
        Xerox cert_XRX04_009_patch.zip
        http://www.xerox.com/downloads/usa/en/c/cert_XRX04_009_patch.zip
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox WorkCentre 40 Color 01.02.077.1
        Xerox cert_XRX04_009_patch.zip
        http://www.xerox.com/downloads/usa/en/c/cert_XRX04_009_patch.zip
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox WorkCentre M35 1.02.378.1
        Xerox cert_XRX04_009_patch.zip
        http://www.xerox.com/downloads/usa/en/c/cert_XRX04_009_patch.zip
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox WorkCentre Pro 35
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox WorkCentre Pro 32 Color
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox Document Centre 470
        Xerox cert_P16_DCAccess_Patch.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P16_DCAccess_Patch.zip
        Xerox WorkCentre M45 2.97.20.032
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox WorkCentre M35 2.97.20.032
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox WorkCentre Pro 75 1.001.02.084
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox WorkCentre Pro 65 1.001.02.084
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox Document Centre 440
        Xerox cert_P16_DCAccess_Patch.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P16_DCAccess_Patch.zip
        Xerox Document Centre 490
        Xerox cert_P16_DCAccess_Patch.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P16_DCAccess_Patch.zip
        Xerox WorkCentre 90 1.001.00.060
        Xerox cert_XRX04_009_patch.zip
        http://www.xerox.com/downloads/usa/en/c/cert_XRX04_009_patch.zip
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox Document Centre 460
        Xerox cert_P16_DCAccess_Patch.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P16_DCAccess_Patch.zip
        Xerox WorkCentre M55 1.01.108.1
        Xerox cert_HTTP_Patches.zip
        http://www.xerox.com/downloads/usa/en/c/cert_HTTP_Patches.zip
        Xerox cert_XRX04_009_patch.zip
        http://www.xerox.com/downloads/usa/en/c/cert_XRX04_009_patch.zip
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox Document Centre 240
        Xerox cert_P16_DCAccess_Patch.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P16_DCAccess_Patch.zip
        Xerox WorkCentre 65 1.001.02.076.1
        Xerox cert_XRX04_009_patch.zip
        http://www.xerox.com/downloads/usa/en/c/cert_XRX04_009_patch.zip
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox WorkCentre Pro 55 3.028.11.000
        Xerox cert_P23_HTTP_Patch_AllWCP.zip
        http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
        Xerox WorkCentre 32 Color 01.02.053.1
        Xerox cert_HTTP_Patches.zip
        http://

- Vulnerability information

14659
XEROX Document Centre Web Server Unspecified Unauthorized Access
Authentication Management
Loss of Integrity Patch / RCS
Vendor Verified

- Vulnerability description

- Timeline

2005-03-07 2005-01-15
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, XEROX has released a patch to address this vulnerability.

- Related references

- Vulnerability author

- Vulnerability information

Xerox Document Centre ESS/Network Controller Web Server Remote Authentication Bypass Vulnerability
Access Validation Error 12783
Yes No
2005-03-11 12:00:00 2009-07-12 10:56:00
Discovery is credited to Juha-Matti Laurio.

- Affected software versions

Xerox WorkCentre Pro 90 1.001.02.084
Xerox WorkCentre Pro 90 1.001.00.060
Xerox WorkCentre Pro 90
Xerox WorkCentre Pro 75 1.001.02.084
Xerox WorkCentre Pro 75 1.001.00.060
Xerox WorkCentre Pro 75
Xerox WorkCentre Pro 65 1.001.02.084
Xerox WorkCentre Pro 65 1.001.00.060
Xerox WorkCentre Pro 65
Xerox WorkCentre Pro 55 3.97.20.032
Xerox WorkCentre Pro 55 3.028.11.000
Xerox WorkCentre Pro 55 1.02.378.1
Xerox WorkCentre Pro 55 1.02.353.1
Xerox WorkCentre Pro 55 1.01.108.1
Xerox WorkCentre Pro 55
Xerox WorkCentre Pro 45 3.97.20.032
Xerox WorkCentre Pro 45 3.028.11.000
Xerox WorkCentre Pro 45 1.02.378.1
Xerox WorkCentre Pro 45 1.02.353.1
Xerox WorkCentre Pro 45 1.01.108.1
Xerox WorkCentre Pro 45
Xerox WorkCentre Pro 40 Color
Xerox WorkCentre Pro 35 3.97.20.032
Xerox WorkCentre Pro 35 3.028.11.000
Xerox WorkCentre Pro 35 1.02.378.1
Xerox WorkCentre Pro 35 1.02.353.1
Xerox WorkCentre Pro 35 1.01.108.1
Xerox WorkCentre Pro 35
Xerox WorkCentre Pro 32 Color
Xerox WorkCentre M55 4.84.16.000
Xerox WorkCentre M55 2.97.20.032
Xerox WorkCentre M55 2.028.11.000
Xerox WorkCentre M55 1.02.378.1
Xerox WorkCentre M55 1.02.353.1
Xerox WorkCentre M55 1.01.108.1
Xerox WorkCentre M55
Xerox WorkCentre M45 4.84.16.000
Xerox WorkCentre M45 2.97.20.032
Xerox WorkCentre M45 2.028.11.000
Xerox WorkCentre M45 1.02.378.1
Xerox WorkCentre M45 1.02.353.1
Xerox WorkCentre M45 1.01.108.1
Xerox WorkCentre M45
Xerox WorkCentre M35 4.84.16.000
Xerox WorkCentre M35 2.97.20.032
Xerox WorkCentre M35 2.028.11.000
Xerox WorkCentre M35 1.02.378.1
Xerox WorkCentre M35 1.02.353.1
Xerox WorkCentre M35 1.01.108.1
Xerox WorkCentre M35
Xerox WorkCentre 90 1.02.028.3
Xerox WorkCentre 90 1.001.02.076.1
Xerox WorkCentre 90 1.001.00.060
Xerox WorkCentre 90 1.00.60.3
Xerox WorkCentre 75 1.02.028.3
Xerox WorkCentre 75 1.001.02.076.1
Xerox WorkCentre 75 1.001.00.060
Xerox WorkCentre 75 1.00.60.3
Xerox WorkCentre 65 1.02.028.3
Xerox WorkCentre 65 1.001.02.076.1
Xerox WorkCentre 65 1.001.00.060
Xerox WorkCentre 65 1.00.60.3
Xerox WorkCentre 40 Color 1.00.060
Xerox WorkCentre 40 Color 01.02.077.1
Xerox WorkCentre 40 Color 01.02.053.1
Xerox WorkCentre 32 Color 1.00.060
Xerox WorkCentre 32 Color 01.02.077.1
Xerox WorkCentre 32 Color 01.02.053.1
Xerox Document Centre 555
Xerox Document Centre 545
Xerox Document Centre 535
Xerox Document Centre 490
Xerox Document Centre 480
Xerox Document Centre 470
Xerox Document Centre 460
Xerox Document Centre 440
Xerox Document Centre 432
Xerox Document Centre 430
Xerox Document Centre 426
Xerox Document Centre 425
Xerox Document Centre 420
Xerox Document Centre 340
Xerox Document Centre 332
Xerox Document Centre 265
Xerox Document Centre 255
Xerox Document Centre 240
Xerox Document Centre 230
Xerox Document Centre 220

- Vulnerability discussion

A remote authentication bypass vulnerability affects Xerox Document Centre. This issue is due to a failure of the application to properly handle access credentials.

An attacker may leverage this issue to gain unauthorized access to the device configuration interface. It should be noted that access to user accounts on the affected device is not granted through exploitation of this issue.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has released SECURITY BULLETIN XRX05-003, XRX04-009, and XRX04-001 with fixes dealing with this issue. Please see the referenced advisories for more information regarding obtaining and applying appropriate fixes.

Xerox has released an advisory (XRX05-007) to address multiple issues. This advisory includes a cumulative patch (cert_P23_HTTP_Patch_AllWCP.zip) for several issues in Xerox MicroServer Web Server included with Xerox WorkCentre and WorkCentre Pro products. Please see the referenced advisory for further information.


Xerox WorkCentre Pro 75 1.001.00.060

Xerox WorkCentre Pro 90

Xerox WorkCentre M35

Xerox WorkCentre Pro 35 3.028.11.000

Xerox WorkCentre M45 4.84.16.000

Xerox WorkCentre Pro 45 1.02.378.1

Xerox WorkCentre 40 Color 01.02.077.1

Xerox WorkCentre M35 1.02.378.1

Xerox WorkCentre Pro 35

Xerox WorkCentre Pro 32 Color

Xerox Document Centre 470

Xerox WorkCentre M45 2.97.20.032

Xerox WorkCentre M35 2.97.20.032

Xerox WorkCentre Pro 75 1.001.02.084

Xerox WorkCentre Pro 65 1.001.02.084

Xerox Document Centre 440

Xerox Document Centre 490

Xerox WorkCentre 90 1.001.00.060

Xerox Document Centre 460

Xerox WorkCentre M55 1.01.108.1

Xerox Document Centre 240

Xerox WorkCentre 65 1.001.02.076.1

Xerox WorkCentre Pro 55 3.028.11.000

Xerox WorkCentre 32 Color 01.02.053.1

Xerox Document Centre 255

Xerox WorkCentre 90 1.02.028.3

Xerox WorkCentre Pro 65 1.001.00.060

Xerox WorkCentre M55

Xerox WorkCentre 90 1.00.60.3

Xerox WorkCentre 75 1.00.60.3

Xerox Document Centre 555

Xerox WorkCentre M55 2.97.20.032

Xerox WorkCentre 75 1.02.028.3

Xerox Document Centre 420

Xerox WorkCentre M35 1.01.108.1

Xerox WorkCentre Pro 55

Xerox WorkCentre Pro 90 1.001.00.060

Xerox WorkCentre Pro 45 3.97.20.032

Xerox WorkCentre Pro 75

Xerox WorkCentre M35 2.028.11.000

Xerox Document Centre 265

Xerox WorkCentre M45

Xerox WorkCentre 65 1.02.028.3

Xerox WorkCentre Pro 35 1.02.353.1

Xerox WorkCentre Pro 55 1.02.353.1

Xerox WorkCentre Pro 65

Xerox Document Centre 545

Xerox WorkCentre M45 2.028.11.000

Xerox WorkCentre 75 1.001.02.076.1

Xerox WorkCentre M45 1.02.353.1

Xerox WorkCentre M55 2.028.11.000

Xerox WorkCentre 90 1.001.02.076.1

Xerox WorkCentre Pro 45

Xerox WorkCentre 75 1.001.00.060

Xerox WorkCentre 65 1.001.00.060

Xerox WorkCentre Pro 90 1.001.02.084

Xerox Document Centre 432

Xerox Document Centre 535

Xerox WorkCentre Pro 35 1.02.378.1

Xerox WorkCentre 40 Color 1.00.060

Xerox WorkCentre Pro 35 1.01.108.1

Xerox WorkCentre Pro 45 1.02.353.1

Xerox WorkCentre Pro 55 1.01.108.1

Xerox WorkCentre M45 1.01.108.1

Xerox WorkCentre M55 4.84.16.000

Xerox WorkCentre M45 1.02.378.1

Xerox WorkCentre Pro 45 1.01.108.1

Xerox WorkCentre Pro 55 3.97.20.032

Xerox WorkCentre 40 Color 01.02.053.1

Xerox Document Centre 430

Xerox WorkCentre Pro 35 3.97.20.032

Xerox WorkCentre M35 1.02.353.1

Xerox Document Centre 426

Xerox WorkCentre Pro 55 1.02.378.1

Xerox Document Centre 425

Xerox WorkCentre M35 4.84.16.000

Xerox WorkCentre M55 1.02.378.1

Xerox WorkCentre 32 Color 01.02.077.1

Xerox Document Centre 480

- Related references
