7940 Vulnerability Report

Jagsuvce G
Level 1

Hi,

We have received a vulnerability report for 7940 IP Phones with VM QID -- 86175.

Please suggest how to overcome this VM.

Currently we are running firmware P0030801SR02 for 7940 IP Phones. Please suggest whether upgrading the firmware will overcome this issue.

2 Replies

Aaron Harrison
VIP Alumni

Can you provide a link to the vulnerability? I see reference to a similar number and IBM WebSphere, but not to Cisco phones. It may be a false positive if that's what you see.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

Hi,

Please find the details from QualysGuard below...

Qualys ID (QID): 86175
QID Title: Web Server / Web Application Vulnerable to Cross-Site Scripting Attacks

 

Generic Solution: Any Web application on the server may be affected by this vulnerability. To prevent cross-site scripting attacks from occurring, web developers should use static pages whenever possible and sanitize input / output. The following vendors provided patches at the web server level. See below for a list of patches for some specific Web servers. If this information does not apply to your Web server, contact your Web server vendor. If your web server does not support filtering, please have your web developers resolve this issue at the application level.
 
This issue is fixed in Sun ONE / iPlanet Web Server 4.1 Service Pack 12 and above. The latest service pack is available for download from Sun ONE Web Server Enterprise Edition 4.1 Service Pack 13 (http://wwws.sun.com/software/download/products/3f8472da.html).
 
For Microsoft IIS 4/5/5.1, apply the cumulative patch described in Microsoft Security Bulletin MS02-018 (http://www.microsoft.com/technet/security/bulletin/MS02-018.mspx). No additional service packs are planned for Windows NT 4.0. IIS 5.0 fixes will be included in Windows 2000 Service Pack 3. IIS 5.1 fixes will be included in Windows XP Service Pack 1.
 
Lotus Domino had this issue with Domino R5 Web server. Check the Lotus advisory SPR# JCHN4V2HUY (http://www-01.ibm.com/support/docview.wss?uid=sim490a14be07fdb479385256ad800739c35).
 
For IBM WebSphere, please refer to websphere-faultactor-xss (30055) (http://xforce.iss.net/xforce/xfdb/30055).
 
For Web Applications: If your Web application is vulnerable, please check with the web application vendor for further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
Web Server (Sun ONE / iPlanet Web Server 4.1 Service Pack 12) (http://wwws.sun.com/software/download/products/3f8472da.html)
Web Server: Windows (IIS 4.0, 5.0, 5.1) (http://www.microsoft.com/technet/security/bulletin/MS02-018.mspx)
Web Server (Lotus Domino) (http://www-1.ibm.com/support/docview.wss?rs=463&q1=1098216&uid=swg21098216&loc=en_US&cs=utf-8&lang=en+en)