CVE-2007-1169

{"id": "CVE-2007-1169", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-03-02T21:18:00.000", "references": [{"url": "http://www.trendmicro.com/download/product.asp?productid=20", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network."}, {"lang": "es", "value": "La interfaz web en Trend Micro ServerProtect para Linux (SPLX) 1.25, 1.3, y 2.5 versiones anteriores a 20070216 acepta peticiones de acceso (logon) a trav\u00e9s de HTTP sin cifrar, lo cual permitir\u00eda a atacantes remotos obtener credenciales al rastrear la red."}], "lastModified": "2008-09-05T21:19:49.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trend_micro:serverprotect:1.25_2007-02-16:*:linux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E8704FA-AA3C-4664-A5AA-50F60AE77642"}, {"criteria": "cpe:2.3:a:trend_micro:serverprotect:1.25_2007-02-16:1.3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB3418C3-1AE8-4011-9B6C-6A3D6F891AED"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}