PT-2005-3536 · Xerox · Document Centre 490+8
Published
2005-08-21
·
Updated
2008-09-05
·
CVE-2005-2646
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Xerox MicroServer Web Server versions in Document Centre 220 through 265
Xerox MicroServer Web Server versions in Document Centre 332 and 340
Xerox MicroServer Web Server versions in Document Centre 420 through 490
Xerox MicroServer Web Server versions in Document Centre 535 through 555
Description
The issue allows remote attackers to cause a denial of service or read files via crafted HTTP requests.
Recommendations
For versions in Document Centre 220 through 265, restrict access to the web server to minimize the risk of exploitation.
For versions in Document Centre 332 and 340, consider disabling the web server until a fix is available.
For versions in Document Centre 420 through 490, avoid using crafted HTTP requests in the affected API endpoints until the issue is resolved.
For versions in Document Centre 535 through 555, restrict access to sensitive files to prevent unauthorized reading.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Document Centre 220
Document Centre 265
Document Centre 332
Document Centre 340
Document Centre 420
Document Centre 490
Document Centre 535
Document Centre 555
Xerox Microserver Web Server