When performing a Nessus scan on a 7970 Cisco phone running
SCCP70.9-3-1SR4-1S code (the latest I can find), it reports the
following "medium" vulnerability:
RomPager HTTP Referer Header XSS
Description
The remote RomPager HTTP server is affected by a cross-site scripting
vulnerability. The server does not properly sanitize the referer
header value when generating a 404 error page.
Solution
Upgrade to RomPager 4.51 or later.
See Also
http://www.nessus.org/u?54798697
I also receive this same vulnerability when scanning a 7961 and a 9951
phone. I've done some googling and don't find anything relevant to
locking this down on a Cisco phone. Any suggestions?
Thanks,
Go0se
--------------------------------------
Help Hopegivers International
feed the orphans of Haiti and India
http://www.hopegivers.org
--------------------------------------
_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip