There seems to be a minor security problem with the web interface of Axis printservers. Type of vulnerability: Denial of service Affected Software: Web interface of Axis Print Server 560 and 5600 Verified Version: 6.10, 6.15, 6.20 Unaffected Version? 5.x Background and problem description ================================== The web interface of the Axis print server 560 and 5600 hangs/crashes if it recieves a special http request. It is not verified if it is the printer server or just the web interface that hangs/crashes. URL to try: http://ps/u_server.shtm?port=a_server.shtm http://ps/u_server.shtm?port=<!-- http://ps/?_ Vendor contacted 26/6-2003. Axis response: ---------- Please update to the latest firmware. There is no firmware 6.10 for the Axis 560, it must be different product. The latest firmware should not have any security vulnerability issues. Downloads are available on FTP: ftp://ftp.axis.com/pub_soft/prt_srv/ ---------- (Version 6.10 is not the firmware version. It is probably the web interface version.) Can anyone confirm this? To all of my friends; The Beach in Vegas Sunday 3/8-2003? //Ian Vitek
This archive was generated by hypermail 2b30 : Thu Jul 03 2003 - 08:34:37 PDT