Detections
Analytics
Xerox DocuCentre / WorkCentre Postscript Interpreter Traversal (XRX05-001)
high Nessus Plugin ID 18266
Language:
Synopsis
The remote web server is prone to a directory traversal attack.Description
According to its model number and software versions, the remote host is a Xerox Document Centre or WorkCentre device in which the PostScript interpreter may allow unauthorized access to the underlying directory structure. Using a specially crafted PostScript file, an attacker could exploit this flaw and gain access to sensitive files on the affected device, including its encrypted password file.Solution
Apply the appropriate patches as described in the Xerox security bulletins.See Also
http://www.nessus.org/u?cf08de37
https://www.xerox.com/downloads/usa/en/c/CERT_Xerox_Security_XRX04-10.pdf
https://www.xerox.com/downloads/usa/en/c/CERT_Xerox_Security_XRX04-05.pdf
https://www.xerox.com/downloads/usa/en/c/CERT_Xerox_Security_XRX04-03.pdf
Plugin Details
Severity: High
ID: 18266
File Name: xerox_xrx05_001.nasl
Version: 1.18
Type: remote
Family: Misc.
Published: 5/16/2005
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
Vulnerability Information
CPE: cpe:/h:xerox:workcentre, cpe:/h:xerox:document_centre
Exploit Available: true
Exploit Ease: No exploit is required
Vulnerability Publication Date: 1/24/2005
Reference Information
BID: 12335