[cisco-voip] Cisco 7900 series phone Nessus scan
me at go0se.com
me at go0se.com
Wed May 21 17:05:35 EDT 2014
When performing a Nessus scan on a 7970 Cisco phone running
SCCP70.9-3-1SR4-1S code (the latest I can find), it reports the
following "medium" vulnerability:
RomPager HTTP Referer Header XSS
Description
The remote RomPager HTTP server is affected by a cross-site scripting
vulnerability. The server does not properly sanitize the referer
header value when generating a 404 error page.
Solution
Upgrade to RomPager 4.51 or later.
See Also
http://www.nessus.org/u?54798697
I also receive this same vulnerability when scanning a 7961 and a 9951
phone. I've done some googling and don't find anything relevant to
locking this down on a Cisco phone. Any suggestions?
Thanks,
Go0se
--------------------------------------
Help Hopegivers International
feed the orphans of Haiti and India
http://www.hopegivers.org
--------------------------------------
More information about the cisco-voip
mailing list