Re: Security bug in Xerox Document Centre

From: K.Schleede (
Date: 01/16/04

  • Next message: Michael Bell: "[OpenCA Advisory] Vulnerability in signature verification"
    Date: 16 Jan 2004 15:34:49 -0000
    ('binary' encoding is not supported, stored as-is) In-Reply-To: <>

    Thank you, Mr. Gutierrez and Mr. Pierce, for finding and pointing out the HTTP web page security vulnerability. (Originally posted, 19 December 2003.)

    The Office Group, worldwide has developed action plans that seem to be most appropriate to address the recently discovered security vulnerability issue on Document Centre and WorkCentre / WorkCentre Pro products. Most of these products have patches available today, the rest will have them as soon as they can be finished.

    For customers concerned about hackers attempting to access Document Centre / WorkCentre Pro (connected) products, a "patch" has been (or will be) created to eliminate this vulnerability. Each family of products has/will have a patch customized for that family. The patches can be installed by the customer's IT department or SA.
    Each customer who would like to have one or more of these patches should contact their support organization.
    The support group will help them determine which patches they need and ensure the customer gets the patches and instructions to install them. Please contact your typical support organization via phone. The correct phone number for your country can be found at (Choose your region from the very top pull-down box.)

    Xerox development teams take any security issue extremely seriously and are firmly committed to resolving them as soon as possible in order to continue to provide our customers with the most dependable network security available.

    Other security information about Xerox products is available at

    Please consult the bulletin "Xerox MicroServer Web Server Vulnerability: Xerox Security Bulletin XRX04-001" located at that site for instructions on how to obtain a patch for your product.

    Security issues in Xerox products can be reported to Xerox via your normal support organization (preferred) or the email address:

    Thank you for your patience while we worked to resolve this problem!

  • Next message: Michael Bell: "[OpenCA Advisory] Vulnerability in signature verification"

    Relevant Pages

    • Re: Thou shalt have no other gods before the ANSI C standard
      ... >>lysdexic) to the customer. ... > in a call to our Xerox SE about the printer remote SNA comm board and ... > get a call back from a guy at Xerox engineering, ... I guess what's to be learned here is that when there's an invoice to be ...
    • Re: Price XEROX iGEN 3
      ... Why should I TRUST you? ... I deal with quite a few people a Xerox at least once a week. ... I did not sign the agreements for the printers but I have no reason to not believe what my customer and Xerox tell me about this. ... But the customer makes more money too, as what they charge their customers is quite a bit larger than what they pay Xerox. ...
    • Re: What ever happened to "Longhorn"?
      ... and what we have is mostly XP with a different GUI ... and several security aspects grafted on. ... Just like Apple ripped off a lot from Xerox. ... That stupidity only comes from idiots who are ignorant of history ...
    • Xeroz 6250 Jam at fuser
      ... Xerox Jam at Fuser. ... care less about you as a customer. ... North American E-mail Support Team ...