Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:INFO:XEROX-DS-INFO

Severity

 Low

Recommended

 No

Category

 HTTP

Keywords

 xerox docushare info disclosure

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Xerox DocuShare Upload Helper Information Disclosure


This signature detects attempts to exploit a known vulnerability in the Xerox DocuShare Upload Helper Utility. DocuShare 2.2 Workgroup (Build 180) and earlier versions are vulnerable. Attackers can log in as a unauthenticated guest user to obtain information about the internal network that can be used to further compromise a network.

Extended Description

Since DocuShare allows anonymous users to upload files by default, an unauthenticated party could log in to the system and upload malicious files, including Trojan horse and backdoor programs. These programs could later be downloaded and run by unsuspecting legitimate users of the DocuShare system, possibly leading to a complete compromise of the host(s) where the malicious documents were opened.

References

  • URL: http://archives.neohapsis.com/archives/bugtraq/2002-10/0041.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out