Info

Disclosure

Jun 27, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Xerox WorkCentre contains a flaw that may allow a remote denial of service. The issue is triggered when specially constructed HTTP requests are sent to the embedded web server, and will result in loss of availability for the device.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unavailable
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Xerox has released a patch to address this vulnerability.

Products

XEROX CORPORATION	WorkCentre Pro C2128	0.001.04.044
		0.001.04.504
	WorkCentre Pro C2636	0.001.04.044
		0.001.04.504
	WorkCentre Pro C3545	0.001.04.044
		0.001.04.504

References

Security Tracker: 1014429 1014720
Secunia Advisory ID: 15970 16167 16467
Related OSVDB ID: 17765 17767 17768
CVE ID: 2005-2201 (see also: NVD) 2005-2646 (see also: NVD)
Vendor Specific Solution URL: http://www.xerox.com/downloads/usa/en/c/cert_P22_NIAP_WCP_C_Only.zip
http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip
Vendor Specific Advisory URL: http://www.xerox.com/downloads/usa/en/c/cert_XRX05_006.pdf
http://www.xerox.com/downloads/usa/en/c/cert_XRX05_007.pdf
http://www.xerox.com/downloads/usa/en/c/cert_XRX05_008.pdf
http://www.xerox.com/downloads/usa/en/c/cert_XRX05_009.pdf
Keyword: XRX05-006 XRX05-007,XRX05-008 XRX05-009

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

XEROX CORPORATION

WorkCentre Pro C2128

WorkCentre Pro C2636

WorkCentre Pro C3545

References

Credit