cross-site scripting vulnerability. 3com switch 4210

mrussell · ‎11-29-2010

I have a HP / 3com 4210 18 port switch on my network, which failed PCI compliance due to a cross site scripting vulnerability via the web interface.

Is there a firmware fix for this? If not, is it possible to disable the web interface or port 80?

Any suggestions apperciated

thanks

Fredrik Lönnman · ‎11-29-2010

Hi,

You can restrict access to the web gui via ip http acl <acl> or disable it with undo ip http in system-view.

Regards

Fredrik

---
CCIE Service Provider
MASE Network Infrastructure [2011]
H3CSE
CCNP R&S

mrussell · ‎11-30-2010

Thanks Fredrik, that's exactly what i was loking for. I connected via CLI, went to system-view and entered undo ip http shutdown, and it disabled the web service.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

cross-site scripting vulnerability. 3com switch 4210

cross-site scripting vulnerability. 3com switch 4210

Re: cross-site scripting vulnerability. 3com switch 4210

Re: cross-site scripting vulnerability. 3com switch 4210