CVE-2007-1168

Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=477	Vendor Advisory
http://secunia.com/advisories/24264	Patch Vendor Advisory
http://securitytracker.com/id?1017685	Patch
http://www.securityfocus.com/bid/22662	Patch
http://www.trendmicro.com/download/product.asp?productid=20	Patch
http://www.vupen.com/english/advisories/2007/0691

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:trend_micro:serverprotect:1.3::linux:::::
	cpe:2.3:a:trend_micro:serverprotect:1.25_2007-02-16::linux:::::
	cpe:2.3:a:trend_micro:serverprotect:2.5::linux:::::

History

No history.

Information

Published : 2007-03-02 21:18

Updated : 2023-12-10 10:40

NVD link : CVE-2007-1168

Mitre link : CVE-2007-1168

CVE.ORG link : CVE-2007-1168

JSON object : View

Products Affected

trend_micro

serverprotect

CWE

NVD-CWE-Other

{"id": "CVE-2007-1168", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-03-02T21:18:00.000", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=477", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24264", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017685", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22662", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.trendmicro.com/download/product.asp?productid=20", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0691", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp)."}, {"lang": "es", "value": "Trend Micro ServerProtect para Linux (SPLX) 1.25, 1.3, y 2.5 anterior a 20070216 permite a atacantes remotos acceder a p\u00e1ginas web de su elecci\u00f3n y recofigurar el producto a trav\u00e9s de respuesta HTTP con la cookie splx_2376_info en el puerto de interfaz web (14942/tcp)."}], "lastModified": "2011-03-08T02:51:24.953", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trend_micro:serverprotect:1.3:*:linux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB28FE16-F163-4287-9A4E-843C2E67792E"}, {"criteria": "cpe:2.3:a:trend_micro:serverprotect:1.25_2007-02-16:*:linux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E8704FA-AA3C-4664-A5AA-50F60AE77642"}, {"criteria": "cpe:2.3:a:trend_micro:serverprotect:2.5:*:linux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEDB64E2-6157-47C1-842E-26A40A885ECD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}