topic cross-site scripting vulnerability. 3com switch 4210 in Security e-Series https://community.hpe.com/t5/security-e-series/cross-site-scripting-vulnerability-3com-switch-4210/m-p/2329967#M99 <P>I have a HP / 3com 4210 18 port&nbsp;switch on my network, which failed PCI compliance due to a cross site scripting vulnerability&nbsp; via the web interface.</P><P>&nbsp;</P><P>Is there a firmware fix for this? If not, is it possible to disable the web interface or port 80?</P><P>&nbsp;</P><P>Any suggestions apperciated</P><P>&nbsp;</P><P>thanks</P> Mon, 29 Nov 2010 23:32:44 GMT mrussell 2010-11-29T23:32:44Z cross-site scripting vulnerability. 3com switch 4210 https://community.hpe.com/t5/security-e-series/cross-site-scripting-vulnerability-3com-switch-4210/m-p/2329967#M99 <P>I have a HP / 3com 4210 18 port&nbsp;switch on my network, which failed PCI compliance due to a cross site scripting vulnerability&nbsp; via the web interface.</P><P>&nbsp;</P><P>Is there a firmware fix for this? If not, is it possible to disable the web interface or port 80?</P><P>&nbsp;</P><P>Any suggestions apperciated</P><P>&nbsp;</P><P>thanks</P> Mon, 29 Nov 2010 23:32:44 GMT https://community.hpe.com/t5/security-e-series/cross-site-scripting-vulnerability-3com-switch-4210/m-p/2329967#M99 mrussell 2010-11-29T23:32:44Z Re: cross-site scripting vulnerability. 3com switch 4210 https://community.hpe.com/t5/security-e-series/cross-site-scripting-vulnerability-3com-switch-4210/m-p/2330095#M100 <P>Hi,</P><P>&nbsp;</P><P>You can restrict access to the web gui via <STRONG>ip http acl &lt;acl&gt;</STRONG> or disable it with <STRONG>undo ip http</STRONG> in system-view.</P><P>&nbsp;</P><P>Regards</P><P>Fredrik</P> Tue, 30 Nov 2010 07:53:02 GMT https://community.hpe.com/t5/security-e-series/cross-site-scripting-vulnerability-3com-switch-4210/m-p/2330095#M100 Fredrik Lönnman 2010-11-30T07:53:02Z Re: cross-site scripting vulnerability. 3com switch 4210 https://community.hpe.com/t5/security-e-series/cross-site-scripting-vulnerability-3com-switch-4210/m-p/2330237#M101 <P>Thanks Fredrik, that's exactly what i was loking for. I connected via CLI, went to system-view and entered undo ip http shutdown, and it disabled the web service.</P><P>&nbsp;</P> Tue, 30 Nov 2010 18:30:07 GMT https://community.hpe.com/t5/security-e-series/cross-site-scripting-vulnerability-3com-switch-4210/m-p/2330237#M101 mrussell 2010-11-30T18:30:07Z