CVE-2017-11392

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.0:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.1:*:*:*:*:*:*:*

Information

Published : 2017-08-03 08:29

Updated : 2017-08-04 18:29


NVD link : CVE-2017-11392

Mitre link : CVE-2017-11392


JSON object : View

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Advertisement

dedicated server usa

Products Affected

trendmicro

  • interscan_messaging_security_virtual_appliance