CVE-2007-1168

Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=477	Vendor Advisory
http://www.trendmicro.com/download/product.asp?productid=20	Patch
http://www.securityfocus.com/bid/22662	Patch
http://securitytracker.com/id?1017685	Patch
http://secunia.com/advisories/24264	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2007/0691

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:trend_micro:serverprotect:1.25_2007-02-16::linux:::::
	cpe:2.3:a:trend_micro:serverprotect:1.3::linux:::::
	cpe:2.3:a:trend_micro:serverprotect:2.5::linux:::::

Information

Published : 2007-03-02 13:18

Updated : 2011-03-07 18:51

NVD link : CVE-2007-1168

Mitre link : CVE-2007-1168

JSON object : View

CWE

NVD-CWE-Other

Products Affected

trend_micro

serverprotect

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=477", "name": "20070221 Trend Micro ServerProtect Web Interface Authorization Bypass Vulnerability", "tags": ["Vendor Advisory"], "refsource": "IDEFENSE"}, {"url": "http://www.trendmicro.com/download/product.asp?productid=20", "name": "http://www.trendmicro.com/download/product.asp?productid=20", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/22662", "name": "22662", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1017685", "name": "1017685", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/24264", "name": "24264", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2007/0691", "name": "ADV-2007-0691", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-1168", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2007-03-02T21:18Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:trend_micro:serverprotect:1.25_2007-02-16:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:trend_micro:serverprotect:1.3:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:trend_micro:serverprotect:2.5:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T02:51Z"}

7.5 /10