Minor security problem in Axis 560x web interface
From: Ian Vitek (ian.vitek_at_as5-5-7.bi.s.bonet.se)
Date: 07/03/03
- Previous message: Michal Zalewski: "Red Hat 9: free tickets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 3 Jul 2003 11:27:47 +0200 (CEST) To: <vulndiscuss@vulnwatch.org> To: <vuln-dev@securityfocus.com> To: <hackers-se@cqure.net>
There seems to be a minor security problem with the web interface of Axis printservers.
Type of vulnerability:
Denial of service
Affected Software:
Web interface of Axis Print Server 560 and 5600
Verified Version:
6.10, 6.15, 6.20
Unaffected Version?
5.x
Background and problem description
==================================
The web interface of the Axis print server 560 and 5600 hangs/crashes if it recieves a special http request.
It is not verified if it is the printer server or just the web interface that hangs/crashes.
URL to try:
http://ps/u_server.shtm?port=a_server.shtm
http://ps/u_server.shtm?port=<!--
http://ps/?_
Vendor contacted 26/6-2003.
Axis response:
----------
Please update to the latest firmware. There is no firmware 6.10 for the Axis 560, it must be different product. The latest firmware should not have any security vulnerability issues.
Downloads are available on FTP: ftp://ftp.axis.com/pub_soft/prt_srv/
----------
(Version 6.10 is not the firmware version. It is probably the web interface version.)
Can anyone confirm this?
To all of my friends; The Beach in Vegas Sunday 3/8-2003?
//Ian Vitek
- Previous message: Michal Zalewski: "Red Hat 9: free tickets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
