CVE-2006-6430

Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf
http://secunia.com/advisories/23265	Vendor Advisory
http://www.securityfocus.com/bid/21365
http://www.vupen.com/english/advisories/2006/4791
https://exchange.xforce.ibmcloud.com/vulnerabilities/30679

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:xerox:workcentre_245:::pro:::::*
	cpe:2.3:h:xerox:workcentre_255::::::::
	cpe:2.3:h:xerox:workcentre_255:::pro:::::*
	cpe:2.3:h:xerox:workcentre_238:::pro:::::*
	cpe:2.3:h:xerox:workcentre_245::::::::
	cpe:2.3:h:xerox:workcentre_232:::pro:::::*
	cpe:2.3:h:xerox:workcentre_238::::::::
	cpe:2.3:h:xerox:workcentre_275::::::::
	cpe:2.3:h:xerox:workcentre_275:::pro:::::*
	cpe:2.3:h:xerox:workcentre_232::::::::
	cpe:2.3:h:xerox:workcentre_265::::::::
	cpe:2.3:h:xerox:workcentre_265:::pro:::::*

Information

Published : 2006-12-10 03:28

Updated : 2017-07-28 18:29

NVD link : CVE-2006-6430

Mitre link : CVE-2006-6430

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

xerox

workcentre_275
workcentre_265
workcentre_255
workcentre_238
workcentre_232
workcentre_245

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf", "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/23265", "name": "23265", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/21365", "name": "21365", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2006/4791", "name": "ADV-2006-4791", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30679", "name": "xerox-https-security-bypass(30679)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-6430", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-12-10T11:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:xerox:workcentre_245:*:*:pro:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:xerox:workcentre_255:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:xerox:workcentre_255:*:*:pro:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:xerox:workcentre_238:*:*:pro:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:xerox:workcentre_245:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:xerox:workcentre_232:*:*:pro:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:xerox:workcentre_238:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:xerox:workcentre_275:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:xerox:workcentre_275:*:*:pro:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:xerox:workcentre_232:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:xerox:workcentre_265:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:xerox:workcentre_265:*:*:pro:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:29Z"}