CVE-2015-2873

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-2873
Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL.

5.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://esupport.trendmicro.com/solution/en-US/1112206.aspx Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/248692 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/76396 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:ja:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:zh:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.6:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:ja:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:zh:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:ja:*:*:*:*
History

09 Sep 2021, 17:48

Type Values Removed Values Added
CPE cpe:2.3:a:trend_micro:deep_discovery_inspector:3.5:*:*:zh:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.8:*:*:ja:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.5:*:*:ja:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.7:*:*:ja:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.5:*:*:en:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.7:*:*:en:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.7:*:*:zh:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.8:*:*:en:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.6:*:*:en:*:*:*:*		 cpe:2.3:a:trendmicro:deep_discovery_inspector:3.6:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:zh:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:ja:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:zh:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:ja:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:ja:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:*:*:*:*:*
CWE NVD-CWE-Other CWE-425
Information

Published : 2015-08-23 15:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-2873

Mitre link : CVE-2015-2873

CVE.ORG link : CVE-2015-2873

JSON object : View

Products Affected

trendmicro

  • deep_discovery_inspector
CWE
CWE-425

Direct Request ('Forced Browsing')