[VulnDiscuss] Minor security problem in Axis 560x

Full Version: [VulnDiscuss] Minor security problem in Axis 560x

GovernmentSecurity.org > General GSO > Exploit & Vulnerability Mailing List Archives

GSecur

Jul 7 2003, 01:56 AM

There seems to be a minor security problem with the web interface of Axis printservers.

Type of vulnerability:
Denial of service

Affected Software:
Web interface of Axis Print Server 560 and 5600

Verified Version:
6.10, 6.15, 6.20

Unaffected Version?
5.x

Background and problem description
==================================
The web interface of the Axis print server 560 and 5600 hangs/crashes if it recieves a special http request.
It is not verified if it is the printer server or just the web interface that hangs/crashes.

URL to try:
http://ps/u_server.shtm?port=a_server.shtm
http://ps/u_server.shtm?port=<!--
http://ps/?_

Vendor contacted 26/6-2003.
Axis response:
----------
Please update to the latest firmware. There is no firmware 6.10 for the Axis 560, it must be different product. The latest firmware should not have any security vulnerability issues.

Downloads are available on FTP: ftp://ftp.axis.com/pub_soft/prt_srv/
----------
(Version 6.10 is not the firmware version. It is probably the web interface version.)

Can anyone confirm this?

To all of my friends; The Beach in Vegas Sunday 3/8-2003?
//Ian Vitek

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.