Xerox CentreWare Web < 4.6.46 Multiple Vulnerabilities (XRX08-008)

Medium severity, Nessus Plugin ID 33478

Synopsis

The remote web server contains an application that is affected by multiple issues.

Description

Xerox CentreWare Web, a web-based tool for IP printer management, is installed on the remote web server.

According to its banner, the installed version of Xerox CentreWare Web reportedly contains three areas that are prone to SQL injection attacks, which require the attacker to have valid credentials, and two areas that are prone to cross-site scripting attacks.

Solution

Upgrade to Xerox CentreWare Web version 4.6.46 or later.

See Also

https://www.xerox.com/downloads/usa/en/c/cert_XRX08_008.pdf

Plugin Details

Severity: Medium

ID: 33478

File Name: xerox_xrx08_008.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 7/11/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:xerox:centreware_web

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 7/9/2008

Vulnerability Publication Date: 7/9/2008

Reference Information

CVE: CVE-2008-3121, CVE-2008-3122

BID: 30151

CWE: 79, 89

SECUNIA: 30978