Web application abuses : Trend Micro Data Loss Prevention 5.5 Directory Traversal Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.103182

Categoría: Web application abuses

Título: Trend Micro Data Loss Prevention 5.5 Directory Traversal Vulnerability

Resumen: Trend Micro Data Loss Prevention is prone to a directory-traversal; vulnerability because it fails to sufficiently sanitize user-supplied input.

Descripción: Summary:
Trend Micro Data Loss Prevention is prone to a directory-traversal
vulnerability because it fails to sufficiently sanitize user-supplied input.

Vulnerability Insight:
Trend Micro Data Loss Prevention is shipping a vulnerable Apache Tomcat
version affected by a directory traversal vulnerability registered with the CVE-2008-2938.

Vulnerability Impact:
A remote attacker could exploit this vulnerability using directory-
traversal strings (such as '../') to gain access to arbitrary files on the targeted system. This may
result in the disclosure of sensitive information or lead to a complete compromise of the affected computer.

Affected Software/OS:
Trend Micro Data Loss Prevention 5.5 is vulnerable. Other versions may
also be affected.

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features,
remove the product or replace the product by another one.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-2938
1020665
http://www.securitytracker.com/id?1020665
20080811 Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability
http://www.securityfocus.com/archive/1/495318/100/0/threaded
20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/507729/100/0/threaded
30633
http://www.securityfocus.com/bid/30633
31639
http://secunia.com/advisories/31639
31681
http://www.securityfocus.com/bid/31681
31865
http://secunia.com/advisories/31865
31891
http://secunia.com/advisories/31891
31982
http://secunia.com/advisories/31982
32120
http://secunia.com/advisories/32120
32222
http://secunia.com/advisories/32222
32266
http://secunia.com/advisories/32266
33797
http://secunia.com/advisories/33797
37297
http://secunia.com/advisories/37297
4148
http://securityreason.com/securityalert/4148
6229
https://www.exploit-db.com/exploits/6229
ADV-2008-2343
http://www.vupen.com/english/advisories/2008/2343
ADV-2008-2780
http://www.vupen.com/english/advisories/2008/2780
ADV-2008-2823
http://www.vupen.com/english/advisories/2008/2823
ADV-2009-0320
http://www.vupen.com/english/advisories/2009/0320
APPLE-SA-2008-10-09
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
FEDORA-2008-7977
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
FEDORA-2008-8113
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
FEDORA-2008-8130
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
HPSBUX02401
http://marc.info/?l=bugtraq&m=123376588623823&w=2
MDVSA-2008:188
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
RHSA-2008:0648
http://www.redhat.com/support/errata/RHSA-2008-0648.html
RHSA-2008:0862
http://www.redhat.com/support/errata/RHSA-2008-0862.html
RHSA-2008:0864
http://www.redhat.com/support/errata/RHSA-2008-0864.html
SSRT090005
SUSE-SR:2008:018
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
SUSE-SR:2009:004
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
VU#343355
http://www.kb.cert.org/vuls/id/343355
[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt
oval:org.mitre.oval:def:10587
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10587
tomcat-allowlinking-utf8-directory-traversal(44411)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44411

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.103182
Categoría:	Web application abuses
Título:	Trend Micro Data Loss Prevention 5.5 Directory Traversal Vulnerability
Resumen:	Trend Micro Data Loss Prevention is prone to a directory-traversal; vulnerability because it fails to sufficiently sanitize user-supplied input.
Descripción:	Summary: Trend Micro Data Loss Prevention is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Vulnerability Insight: Trend Micro Data Loss Prevention is shipping a vulnerable Apache Tomcat version affected by a directory traversal vulnerability registered with the CVE-2008-2938. Vulnerability Impact: A remote attacker could exploit this vulnerability using directory- traversal strings (such as '../') to gain access to arbitrary files on the targeted system. This may result in the disclosure of sensitive information or lead to a complete compromise of the affected computer. Affected Software/OS: Trend Micro Data Loss Prevention 5.5 is vulnerable. Other versions may also be affected. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2938 1020665 http://www.securitytracker.com/id?1020665 20080811 Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability http://www.securityfocus.com/archive/1/495318/100/0/threaded 20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities http://www.securityfocus.com/archive/1/507729/100/0/threaded 30633 http://www.securityfocus.com/bid/30633 31639 http://secunia.com/advisories/31639 31681 http://www.securityfocus.com/bid/31681 31865 http://secunia.com/advisories/31865 31891 http://secunia.com/advisories/31891 31982 http://secunia.com/advisories/31982 32120 http://secunia.com/advisories/32120 32222 http://secunia.com/advisories/32222 32266 http://secunia.com/advisories/32266 33797 http://secunia.com/advisories/33797 37297 http://secunia.com/advisories/37297 4148 http://securityreason.com/securityalert/4148 6229 https://www.exploit-db.com/exploits/6229 ADV-2008-2343 http://www.vupen.com/english/advisories/2008/2343 ADV-2008-2780 http://www.vupen.com/english/advisories/2008/2780 ADV-2008-2823 http://www.vupen.com/english/advisories/2008/2823 ADV-2009-0320 http://www.vupen.com/english/advisories/2009/0320 APPLE-SA-2008-10-09 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html FEDORA-2008-7977 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html FEDORA-2008-8113 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html FEDORA-2008-8130 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html HPSBUX02401 http://marc.info/?l=bugtraq&m=123376588623823&w=2 MDVSA-2008:188 http://www.mandriva.com/security/advisories?name=MDVSA-2008:188 RHSA-2008:0648 http://www.redhat.com/support/errata/RHSA-2008-0648.html RHSA-2008:0862 http://www.redhat.com/support/errata/RHSA-2008-0862.html RHSA-2008:0864 http://www.redhat.com/support/errata/RHSA-2008-0864.html SSRT090005 SUSE-SR:2008:018 http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html SUSE-SR:2009:004 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html VU#343355 http://www.kb.cert.org/vuls/id/343355 [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E http://support.apple.com/kb/HT3216 http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-6.html http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt oval:org.mitre.oval:def:10587 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10587 tomcat-allowlinking-utf8-directory-traversal(44411) https://exchange.xforce.ibmcloud.com/vulnerabilities/44411
Copyright	Copyright (C) 2011 Greenbone AG