Re: Security bug in Xerox Document Centre

From: K.Schleede (
Date: 01/16/04

  • Next message: Michael Bell: "[OpenCA Advisory] Vulnerability in signature verification"
    Date: 16 Jan 2004 15:34:49 -0000
    ('binary' encoding is not supported, stored as-is) In-Reply-To: <>

    Thank you, Mr. Gutierrez and Mr. Pierce, for finding and pointing out the HTTP web page security vulnerability. (Originally posted, 19 December 2003.)

    The Office Group, worldwide has developed action plans that seem to be most appropriate to address the recently discovered security vulnerability issue on Document Centre and WorkCentre / WorkCentre Pro products. Most of these products have patches available today, the rest will have them as soon as they can be finished.

    For customers concerned about hackers attempting to access Document Centre / WorkCentre Pro (connected) products, a "patch" has been (or will be) created to eliminate this vulnerability. Each family of products has/will have a patch customized for that family. The patches can be installed by the customer's IT department or SA.
    Each customer who would like to have one or more of these patches should contact their support organization.
    The support group will help them determine which patches they need and ensure the customer gets the patches and instructions to install them. Please contact your typical support organization via phone. The correct phone number for your country can be found at (Choose your region from the very top pull-down box.)

    Xerox development teams take any security issue extremely seriously and are firmly committed to resolving them as soon as possible in order to continue to provide our customers with the most dependable network security available.

    Other security information about Xerox products is available at

    Please consult the bulletin "Xerox MicroServer Web Server Vulnerability: Xerox Security Bulletin XRX04-001" located at that site for instructions on how to obtain a patch for your product.

    Security issues in Xerox products can be reported to Xerox via your normal support organization (preferred) or the email address:

    Thank you for your patience while we worked to resolve this problem!

  • Next message: Michael Bell: "[OpenCA Advisory] Vulnerability in signature verification"