<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Were you able to successfully inject the Referer per the nessus.org database article using nmap? The list of affected devices didn’t list any Cisco products, but test anyway.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf">http://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf</a><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I always worry about generic nessus scans. You really have to know what your doing, and my experience is that the person doing a Nessus scan really isn’t a security guru and won’t fact check what Nessus reports.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> cisco-voip [mailto:cisco-voip-bounces@puck.nether.net] <b>On Behalf Of </b>me@go0se.com<br><b>Sent:</b> Wednesday, May 21, 2014 5:06 PM<br><b>To:</b> cisco-voip@puck.nether.net<br><b>Subject:</b> [cisco-voip] Cisco 7900 series phone Nessus scan<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><br><br>When performing a Nessus scan on a 7970 Cisco phone running <br>SCCP70.9-3-1SR4-1S code (the latest I can find), it reports the <br>following "medium" vulnerability:<br><br>RomPager HTTP Referer Header XSS<br><br>Description<br><br>The remote RomPager HTTP server is affected by a cross-site scripting <br>vulnerability. The server does not properly sanitize the referer <br>header value when generating a 404 error page.<br>Solution<br><br>Upgrade to RomPager 4.51 or later.<br>See Also<br><br><a href="http://www.nessus.org/u?54798697" target="_blank">http://www.nessus.org/u?54798697</a><br><br>I also receive this same vulnerability when scanning a 7961 and a 9951 <br>phone. I've done some googling and don't find anything relevant to <br>locking this down on a Cisco phone. Any suggestions?<br><br>Thanks,<br><br>Go0se<br><br>--------------------------------------<br><br>Help Hopegivers International<br><br>feed the orphans of Haiti and India<br><br><a href="http://www.hopegivers.org" target="_blank">http://www.hopegivers.org</a><br><br>--------------------------------------<br><br><br><br>_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br><br><br><span style='color:white'>itevomcid</span> <o:p></o:p></p></div></body></html>