Trend Micro Server Protect unauthorized access - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Trend Micro Server Protect unauthorized access
Published: 22.02.2007
Source: FULL-DISCLOSURE
SecurityVulns ID: 7286
Type: remote
Level: 5/10
Description: Unauthorized TCP/14942 Web interface access.

Affected: TM : Trend Micro ServerProtect for Linux 1.3
CVE: CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network.)
CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).)

Original document IDEFENSE, [Full-disclosure] iDefense Security Advisory 02.16.07: Trend Micro ServerProtect Web Interface Authorization Bypass Vulnerability (22.02.2007)

Discuss: Read or add your comments to this news (0 comments)