Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title: Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities
Information
Name: VU#248692 | First vendor publication: 2015-08-18
Vendor: VU-CERT | Last vendor modification: 2015-08-18
Severity (vendor): N/A | Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A | Environmental score: N/A
Impact subscore: N/A | Temporal score: N/A
Exploitability subscore: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N)
CVSS base score: 5.5 | Attack range: Network
CVSS impact score: 4.9 | Attack complexity: Low
CVSS exploit score: 8 | Authentication: Requires single instance

Detail

Vulnerability Note VU#248692

Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities

Original Release date: 18 Aug 2015 | Last revised: 18 Aug 2015

Overview

Multiple versions of the Trend Micro Deep Discovery threat appliance are vulnerable to cross-site scripting and authentication bypass.

Description

The Trend Micro Deep Discovery platform "enables you to detect, analyze, and respond to today’s stealthy, targeted attacks in real time." It may be deployed on a network as an appliance. The Trend Micro Deep Discovery Threat Appliance version 3.7.1096 is vulnerable to cross-site scripting and authentication bypass.

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2015-2872

The contentURL parameter of a request to index.html is not properly validated and is vulnerable to reflected cross-site scripting.

CWE-425: Direct Request ('Forced Browsing') - CVE-2015-2873

Several URLs, including the system log, whitelist, and blacklist, are accessible to a non-administrator user by direct request. The pages do not properly check for authorization.

Trend Micro has released an advisory on these issues. The CVSS score below is based on CVE-2015-2873.

Impact

An authenticated user without administrator privileges may access and modify certain system configuration settings. An unauthenticated remote user may conduct cross-site scripting attacks.

Solution

Apply an update

Trend Micro has released updates to address this issue. Affected users are encouraged to update as soon as possible.

Affected versions are listed below with the patch number corresponding to the update (for example, if you use 3.8 English, update to 3.8.1263):


Affected Version (Version Number and Language) | Updated Patch Version (Versions prior to the one listed here may be affected)
3.8 English | 3.8.1263 - Critical Patch B1263
3.8 Japanese | 3.8.2047 - Critical Patch B2047
3.7 English | 3.7.1248 - Critical Patch B1248
3.7 Japanese | 3.7.1228 - Critical Patch B1228
3.7 Simplified Chinese | 3.7.1227 - Critical Patch B1227
3.6 English | 3.6.1217 - Critical Patch B1217
3.5 English | 3.5.1477 - Critical Patch B1477
3.5 Japanese | 3.5.1554 - Critical Patch B1544
3.5 Simplified Chinese | 3.5.1433 - Critical Patch B1433

Vendor Information

Vendor | Status | Date Notified | Date Updated
Trend Micro | Affected | 09 Jul 2015 | 07 Aug 2015

CVSS Metrics

Group | Score | Vector
Base | 5.5 | AV:N/AC:L/Au:S/C:P/I:P/A:N
Temporal | 4.1 | E:POC/RL:OF/RC:UR
Environmental | 3.0 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • http://esupport.trendmicro.com/solution/en-US/1112206.aspx
  • http://cwe.mitre.org/data/definitions/79.html
  • http://cwe.mitre.org/data/definitions/425.html

Credit

Thanks to John Page ("hyp3rlinx") for reporting this vulnerability to us.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs: CVE-2015-2872, CVE-2015-2873
  • Date Public: 18 Aug 2015
  • Date First Published: 18 Aug 2015
  • Date Last Updated: 18 Aug 2015
  • Document Revision: 37

Original Source

Url : http://www.kb.cert.org/vuls/id/248692

CWE : Common Weakness Enumeration

% | Id | Name
50 % | CWE-425 | Direct Request ('Forced Browsing')
50 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 9

Alert History

Date | Information
2015-08-24 21:33:42
  • Multiple Updates
2015-08-23 21:29:12
  • Multiple Updates
2015-08-18 17:28:37
  • First insertion