CVE-2006-6438

Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/23265	Vendor Advisory
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:xerox:workcentre_232::::::::
	cpe:2.3:h:xerox:workcentre_232:::pro:::::*
	cpe:2.3:h:xerox:workcentre_238::::::::
	cpe:2.3:h:xerox:workcentre_238:::pro:::::*
	cpe:2.3:h:xerox:workcentre_245::::::::
	cpe:2.3:h:xerox:workcentre_245:::pro:::::*
	cpe:2.3:h:xerox:workcentre_255::::::::
	cpe:2.3:h:xerox:workcentre_255:::pro:::::*
	cpe:2.3:h:xerox:workcentre_265::::::::
	cpe:2.3:h:xerox:workcentre_265:::pro:::::*
	cpe:2.3:h:xerox:workcentre_275::::::::
	cpe:2.3:h:xerox:workcentre_275:::pro:::::*

History

No history.

Information

Published : 2006-12-10 11:28

Updated : 2008-09-10 20:39

NVD link : CVE-2006-6438

Mitre link : CVE-2006-6438

CVE.ORG link : CVE-2006-6438

JSON object : View

Products Affected

xerox

workcentre_255
workcentre_275
workcentre_265
workcentre_238
workcentre_232
workcentre_245

CWE

NVD-CWE-Other

{"id": "CVE-2006-6438", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-12-10T11:28:00.000", "references": [{"url": "http://secunia.com/advisories/23265", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file."}, {"lang": "es", "value": "Xerox WorkCentre y WorkCentre Pro anterior 12.050.03.000, 13.x anterior 13.050.03.000, y 14.x anterior 14.050.03.000 deja datos de usuario en http.log despu\u00e9s de un Immediate Image Overwrite (IIO), lo cual permite a un usuario local obtener datos a trav\u00e9s de la lectura del fichero http.log"}], "lastModified": "2008-09-10T20:39:51.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_232:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24E761E4-0B6C-4C2A-BFCA-4CFC5620E91C"}, {"criteria": "cpe:2.3:h:xerox:workcentre_232:*:*:pro:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74245D08-446A-4988-BCFD-85509C4CE340"}, {"criteria": "cpe:2.3:h:xerox:workcentre_238:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12790FD1-DECA-4074-9458-3F88823190EF"}, {"criteria": "cpe:2.3:h:xerox:workcentre_238:*:*:pro:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88E2F705-B185-4211-B0CC-1E295E5B4471"}, {"criteria": "cpe:2.3:h:xerox:workcentre_245:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D7FE90B-21E6-4628-AD70-37BB9644CBD9"}, {"criteria": "cpe:2.3:h:xerox:workcentre_245:*:*:pro:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "573640FF-609D-4441-B7DD-3477F239A00E"}, {"criteria": "cpe:2.3:h:xerox:workcentre_255:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8204B5C0-0B87-48BD-9678-5101B048C135"}, {"criteria": "cpe:2.3:h:xerox:workcentre_255:*:*:pro:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A2128EF-5847-4097-84BC-5CAC270F1C10"}, {"criteria": "cpe:2.3:h:xerox:workcentre_265:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAE44F85-3F9A-45FC-A411-1D1B4C2E33D7"}, {"criteria": "cpe:2.3:h:xerox:workcentre_265:*:*:pro:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8FD8F59-E229-4138-9B85-7E15A80CF5DD"}, {"criteria": "cpe:2.3:h:xerox:workcentre_275:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92119B14-94C5-4D3D-811E-EB7336E39F3E"}, {"criteria": "cpe:2.3:h:xerox:workcentre_275:*:*:pro:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DC671C6-7444-4E3D-ACAB-8905A0DB40CB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}