Affected: Canon GP300 using WebSpooler v4.5.062 (fr), other versions ? Risk: High Remote: Yes Description: A simple http request can crash the whole print server. Request is "GET /" on tcp/80 After sending "GET /" a reboot is needed to print again or to take hand on the print server. The web server seems to be Apache/1.0.3 (banner is returned in some conditions). I did not find this vulnerability for Apache/1.0.3 on securityfocus so this banner is maybe a fake or the code has been changed. Canon has been contacted. They said message has been forwarded to services concerned by this vulnerability (dev ?). No news since. Ce message et toutes les pièces jointes (ci-après le "message") sont établis à l'intention exclusive de ses destinataires et sont confidentiels. Si vous recevez ce message par erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation de ce message non conforme à sa destination, modification, diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse.FININFO (et ses filiales) décline(nt) toute responsabilité au titre de ce message, dans l'hypothèse ou il aurait été modifié, altéré, falsifié ou encore édité ou diffusé sans autorisation. ----------------------------------------------------- This message and any attachments (the "message") is intended solely for the addressees and is confidential. If you receive this message in error, please delete it and immediately notify the sender. Any use not in accord with its purpose, any dissemination or disclosure, either whole or partial, is prohibited except formal approval. Neither FININFO (nor any of its subsidiaries or affiliates) shall be liable for the message if modified, altered, falsified, edited or diffused without authorization.
This archive was generated by hypermail 2b30 : Mon Jul 07 2003 - 13:44:40 PDT