Example:
GET /application/j_security_check HTTP/1.0

HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
WWW-Authenticate: Basic realm="tomcat01:8080"
Content-Type: text/html;charset=utf-8
Content-Length: 954
Date: Thu, 31 Dec 2009 12:18:11 GMT
| | username portion of the Digest in the Authorization |
| | header. If the peer does exist the second REGISTER will |
| | receive a response of "403 Authentication user name does |
| | not match account name". If the peer does not exist the |
| | response will be "404 Not Found" if alwaysauthreject is |
| | disabled and "401 Unauthorized" if alwaysauthreject is |
| | enabled. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Upgrade to one of the versions below, or apply one of the |
curl -k -H "Host: 127.0.0.1" https://<IP address of phone>/
-> if the phone is vulnerable, the index page of the web
interface is returned
-> if the phone is not vulnerable, an
"HTTP/1.1 401 Unauthorized" response is returned
Workaround / Fix:
-----------------
- Upgrade to firmware version 6.5.20, 7.1.39, 7.3.14 or above