| Vulnerability Name: | CVE-2006-6438 (CCN-40180) | ||||||||
| Assigned: | 2006-11-30 | ||||||||
| Published: | 2006-11-30 | ||||||||
| Updated: | 2008-09-10 | ||||||||
| Summary: | Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-6438 Source: CCN Type: SA23265 XEROX WorkCentre Products Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 23265 Source: CCN Type: OSVDB ID: 31826 XEROX WorkCentre Products IIO http.log Information Disclosure Source: CCN Type: XEROX SECURITY BULLETIN XRX06-004 Cumulative update to address multiple security vulnerabilities Source: CONFIRM Type: UNKNOWN http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf Source: XF Type: UNKNOWN workcentre-iio-information-disclosure(40180) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||