Web application abuses : Trend Micro Deep Discovery Inspector Authentication Bypass and XSS Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.807355

Categoría: Web application abuses

Título: Trend Micro Deep Discovery Inspector Authentication Bypass and XSS Vulnerabilities

Resumen: Trend Micro Deep Discovery Inspector is prone to authentication bypass and cross-site scripting vulnerabilities.

Descripción: Summary:
Trend Micro Deep Discovery Inspector is prone to authentication bypass and cross-site scripting vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to an:

- Insufficient access restrictions for some sensitive files via a direct
request to the system log URL, whitelist URL and blacklist URL.

- Insufficient validation of crafted input passed to index.php and
to the widget feature.

Vulnerability Impact:
Successful exploitation will allow a remote
attacker to gain access to potentially sensitive information and execute
arbitrary javascript code in the context of current user.

Affected Software/OS:
Trend Micro Deep Discovery Inspector with
software before 3.5, 3.6, 3.7 and 3.8

Solution:
Install the vendor patch.

CVSS Score:
5.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-2873
BugTraq ID: 76396
http://www.securityfocus.com/bid/76396
CERT/CC vulnerability note: VU#248692
http://www.kb.cert.org/vuls/id/248692
Common Vulnerability Exposure (CVE) ID: CVE-2015-2872
BugTraq ID: 76397
http://www.securityfocus.com/bid/76397

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.807355
Categoría:	Web application abuses
Título:	Trend Micro Deep Discovery Inspector Authentication Bypass and XSS Vulnerabilities
Resumen:	Trend Micro Deep Discovery Inspector is prone to authentication bypass and cross-site scripting vulnerabilities.
Descripción:	Summary: Trend Micro Deep Discovery Inspector is prone to authentication bypass and cross-site scripting vulnerabilities. Vulnerability Insight: Multiple flaws are due to an: - Insufficient access restrictions for some sensitive files via a direct request to the system log URL, whitelist URL and blacklist URL. - Insufficient validation of crafted input passed to index.php and to the widget feature. Vulnerability Impact: Successful exploitation will allow a remote attacker to gain access to potentially sensitive information and execute arbitrary javascript code in the context of current user. Affected Software/OS: Trend Micro Deep Discovery Inspector with software before 3.5, 3.6, 3.7 and 3.8 Solution: Install the vendor patch. CVSS Score: 5.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2873 BugTraq ID: 76396 http://www.securityfocus.com/bid/76396 CERT/CC vulnerability note: VU#248692 http://www.kb.cert.org/vuls/id/248692 Common Vulnerability Exposure (CVE) ID: CVE-2015-2872 BugTraq ID: 76397 http://www.securityfocus.com/bid/76397
Copyright	Copyright (C) 2016 Greenbone AG