You could just disable web access :)
On Wed, May 21, 2014 at 5:05 PM, <m...@go0se.com> wrote: > When performing a Nessus scan on a 7970 Cisco phone running > SCCP70.9-3-1SR4-1S code (the latest I can find), it reports the following > "medium" vulnerability: > > RomPager HTTP Referer Header XSS > > Description > > The remote RomPager HTTP server is affected by a cross-site scripting > vulnerability. The server does not properly sanitize the referer header > value when generating a 404 error page. > Solution > > Upgrade to RomPager 4.51 or later. > See Also > > http://www.nessus.org/u?54798697 > > I also receive this same vulnerability when scanning a 7961 and a 9951 > phone. I've done some googling and don't find anything relevant to locking > this down on a Cisco phone. Any suggestions? > > Thanks, > > Go0se > > -------------------------------------- > > Help Hopegivers International > > feed the orphans of Haiti and India > > http://www.hopegivers.org > > -------------------------------------- > > > > _______________________________________________ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip >
_______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip