Short Name |
HTTP:INFO:XEROX-DS-INFO |
---|---|
Severity |
Warning |
Recommended |
No |
Category |
HTTP |
Keywords |
Xerox DocuShare Upload Helper Information Disclosure |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in the Xerox DocuShare Upload Helper Utility. DocuShare 2.2 Workgroup (Build 180) and earlier versions are vulnerable. Attackers can log in as a unauthenticated guest user to obtain information about the internal network that can be used to further compromise a network.
Since DocuShare allows anonymous users to upload files by default, an unauthenticated party could log in to the system and upload malicious files, including Trojan horse and backdoor programs. These programs could later be downloaded and run by unsuspecting legitimate users of the DocuShare system, possibly leading to a complete compromise of the host(s) where the malicious documents were opened.