Computer Security
[EN] securityvulns.ru no-pyccku


Trend Micro Server Protect unauthorized access
Published:22.02.2007
Source:
SecurityVulns ID:7286
Type:remote
Threat Level:
5/10
Description:Unauthorized TCP/14942 Web interface access.
Affected:TM : Trend Micro ServerProtect for Linux 1.3
CVE:CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network.)
 CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).)
Original documentdocumentIDEFENSE, [Full-disclosure] iDefense Security Advisory 02.16.07: Trend Micro ServerProtect Web Interface Authorization Bypass Vulnerability (22.02.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod