Vulnerability CVE-2009-0612
Published: 2009-02-17   Modified: 2012-02-13

Description:
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Trend micro - IWSVA/IWSS - Authorization module password leak
david vorel
19.02.2009

Type:

CWE-200

 (Information Exposure)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Trend micro -> Interscan web security suite 
Trend micro -> Interscan web security virtual appliance 
Trendmicro -> Interscan web security suite 
Trendmicro -> Interscan web security virtual appliance 

 References:
http://www.securityfocus.com/archive/1/500760/100/0/threaded
http://www.securityfocus.com/bid/33687
http://www.securitytracker.com/id?1021716
https://exchange.xforce.ibmcloud.com/vulnerabilities/48681
Copyright 2024, cxsecurity.com

 

Back to Top