CVE-2006-6438 - Vulnerability Details

Vendors	Products
Xerox	Workcentre 232 Workcentre 238 Workcentre 245 Workcentre 255 Workcentre 265 Workcentre 275

Link	Providers
http://secunia.com/advisories/23265
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-30T00:00:00", "descriptions": [{"lang": "en", "value": "Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-12-12T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "23265", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23265"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6438", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "23265", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23265"}, {"name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf", "refsource": "CONFIRM", "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:26:46.528Z"}, "title": "CVE Program Container", "references": [{"name": "23265", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23265"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6438", "datePublished": "2006-12-10T11:00:00", "dateReserved": "2006-12-09T00:00:00", "dateUpdated": "2024-08-07T20:26:46.528Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2006-11-30T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2006-12-12T10:00:00 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : 23265 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/23265 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2006-6438 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 23265 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/23265 (string)

}

1 : { »

name : http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf (string)

refsource : CONFIRM (string)

url : http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T20:26:46.528Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 23265 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/23265 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2006-6438 (string)

datePublished : 2006-12-10T11:00:00 (string)

dateReserved : 2006-12-09T00:00:00 (string)

dateUpdated : 2024-08-07T20:26:46.528Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_232:*:*:*:*:*:*:*:*", "matchCriteriaId": "24E761E4-0B6C-4C2A-BFCA-4CFC5620E91C", "vulnerable": true}, {"criteria": "cpe:2.3:h:xerox:workcentre_232:*:*:pro:*:*:*:*:*", "matchCriteriaId": "74245D08-446A-4988-BCFD-85509C4CE340", "vulnerable": true}, {"criteria": "cpe:2.3:h:xerox:workcentre_238:*:*:*:*:*:*:*:*", "matchCriteriaId": "12790FD1-DECA-4074-9458-3F88823190EF", "vulnerable": true}, {"criteria": "cpe:2.3:h:xerox:workcentre_238:*:*:pro:*:*:*:*:*", "matchCriteriaId": "88E2F705-B185-4211-B0CC-1E295E5B4471", "vulnerable": true}, {"criteria": "cpe:2.3:h:xerox:workcentre_245:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D7FE90B-21E6-4628-AD70-37BB9644CBD9", "vulnerable": true}, {"criteria": "cpe:2.3:h:xerox:workcentre_245:*:*:pro:*:*:*:*:*", "matchCriteriaId": "573640FF-609D-4441-B7DD-3477F239A00E", "vulnerable": true}, {"criteria": "cpe:2.3:h:xerox:workcentre_255:*:*:*:*:*:*:*:*", "matchCriteriaId": "8204B5C0-0B87-48BD-9678-5101B048C135", "vulnerable": true}, {"criteria": "cpe:2.3:h:xerox:workcentre_255:*:*:pro:*:*:*:*:*", "matchCriteriaId": "3A2128EF-5847-4097-84BC-5CAC270F1C10", "vulnerable": true}, {"criteria": "cpe:2.3:h:xerox:workcentre_265:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAE44F85-3F9A-45FC-A411-1D1B4C2E33D7", "vulnerable": true}, {"criteria": "cpe:2.3:h:xerox:workcentre_265:*:*:pro:*:*:*:*:*", "matchCriteriaId": "D8FD8F59-E229-4138-9B85-7E15A80CF5DD", "vulnerable": true}, {"criteria": "cpe:2.3:h:xerox:workcentre_275:*:*:*:*:*:*:*:*", "matchCriteriaId": "92119B14-94C5-4D3D-811E-EB7336E39F3E", "vulnerable": true}, {"criteria": "cpe:2.3:h:xerox:workcentre_275:*:*:pro:*:*:*:*:*", "matchCriteriaId": "2DC671C6-7444-4E3D-ACAB-8905A0DB40CB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file."}, {"lang": "es", "value": "Xerox WorkCentre y WorkCentre Pro anterior 12.050.03.000, 13.x anterior 13.050.03.000, y 14.x anterior 14.050.03.000 deja datos de usuario en http.log despu\u00e9s de un Immediate Image Overwrite (IIO), lo cual permite a un usuario local obtener datos a trav\u00e9s de la lectura del fichero http.log"}], "id": "CVE-2006-6438", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-10T11:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23265"}, {"source": "cve@mitre.org", "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:xerox:workcentre_232:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 24E761E4-0B6C-4C2A-BFCA-4CFC5620E91C (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:h:xerox:workcentre_232:*:*:pro:*:*:*:*:* (string)

matchCriteriaId : 74245D08-446A-4988-BCFD-85509C4CE340 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:h:xerox:workcentre_238:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 12790FD1-DECA-4074-9458-3F88823190EF (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:h:xerox:workcentre_238:*:*:pro:*:*:*:*:* (string)

matchCriteriaId : 88E2F705-B185-4211-B0CC-1E295E5B4471 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:h:xerox:workcentre_245:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7D7FE90B-21E6-4628-AD70-37BB9644CBD9 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:h:xerox:workcentre_245:*:*:pro:*:*:*:*:* (string)

matchCriteriaId : 573640FF-609D-4441-B7DD-3477F239A00E (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:h:xerox:workcentre_255:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8204B5C0-0B87-48BD-9678-5101B048C135 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:h:xerox:workcentre_255:*:*:pro:*:*:*:*:* (string)

matchCriteriaId : 3A2128EF-5847-4097-84BC-5CAC270F1C10 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:h:xerox:workcentre_265:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BAE44F85-3F9A-45FC-A411-1D1B4C2E33D7 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:h:xerox:workcentre_265:*:*:pro:*:*:*:*:* (string)

matchCriteriaId : D8FD8F59-E229-4138-9B85-7E15A80CF5DD (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:h:xerox:workcentre_275:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 92119B14-94C5-4D3D-811E-EB7336E39F3E (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:h:xerox:workcentre_275:*:*:pro:*:*:*:*:* (string)

matchCriteriaId : 2DC671C6-7444-4E3D-ACAB-8905A0DB40CB (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file. (string)

}

1 : { »

lang : es (string)

value : Xerox WorkCentre y WorkCentre Pro anterior 12.050.03.000, 13.x anterior 13.050.03.000, y 14.x anterior 14.050.03.000 deja datos de usuario en http.log después de un Immediate Image Overwrite (IIO), lo cual permite a un usuario local obtener datos a través de la lectura del fichero http.log (string)

}

]

id : CVE-2006-6438 (string)

lastModified : 2025-04-09T00:30:58.490 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.9 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:L/Au:N/C:C/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2006-12-10T11:28:00.000 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/23265 (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/23265 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-Other (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object