Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.
References
Link | Resource |
---|---|
https://success.trendmicro.com/solution/1117723 | Vendor Advisory |
http://www.zerodayinitiative.com/advisories/ZDI-17-504 | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/100075 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-08-03 08:29
Updated : 2017-08-04 18:29
NVD link : CVE-2017-11392
Mitre link : CVE-2017-11392
JSON object : View
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Products Affected
trendmicro
- interscan_messaging_security_virtual_appliance