Vulnerability Description
Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xerox | Workcentre 232 | All versions |
| Xerox | Workcentre 238 | All versions |
| Xerox | Workcentre 245 | All versions |
| Xerox | Workcentre 255 | All versions |
| Xerox | Workcentre 265 | All versions |
| Xerox | Workcentre 275 | All versions |
References
- http://secunia.com/advisories/23265Vendor Advisory
- http://www.securityfocus.com/bid/21365
- http://www.vupen.com/english/advisories/2006/4791
- http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30679
- http://secunia.com/advisories/23265Vendor Advisory
- http://www.securityfocus.com/bid/21365
- http://www.vupen.com/english/advisories/2006/4791
- http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30679
FAQ
What is CVE-2006-6430?
CVE-2006-6430 is a vulnerability with a CVSS score of 7.8 (HIGH). Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensiti...
How severe is CVE-2006-6430?
CVE-2006-6430 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6430?
Check the references section above for vendor advisories and patch information. Affected products include: Xerox Workcentre 232, Xerox Workcentre 238, Xerox Workcentre 245, Xerox Workcentre 255, Xerox Workcentre 265.