Trend Micro - Interscan Web Security Suite (IWSS)
1 view
Skip to first unread message
Erez
Feb 10, 2009, 6:14:57 PM2/10/09
to Erez Kalman
1) Trend Micro InterScan Web Security Suite Multiple Security Bypass
Vulnerabilities
http://www.securityfocus.com/bid/33679/info
http://secunia.com/Advisories/33867/
The vulnerability is caused due to an access control error in multiple
JSP pages and can be exploited to modify the certain configuration
values and e.g. create an administrator account.
Successful exploitation requires "Auditor" or "Report Only"
credentials.
The vulnerability is reported in version 3.1.
Solution:
Apply patch.
http://www.trendmicro.com/ftp/products/patches/iwss_31_win_en_cp1237.zip
2) Trend Micro Interscan Web Security HTTP Proxy Authentication
Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33687/info
No more information available on this as of now, no patch available
yet.
Vulnerabilities
http://www.securityfocus.com/bid/33679/info
http://secunia.com/Advisories/33867/
The vulnerability is caused due to an access control error in multiple
JSP pages and can be exploited to modify the certain configuration
values and e.g. create an administrator account.
Successful exploitation requires "Auditor" or "Report Only"
credentials.
The vulnerability is reported in version 3.1.
Solution:
Apply patch.
http://www.trendmicro.com/ftp/products/patches/iwss_31_win_en_cp1237.zip
2) Trend Micro Interscan Web Security HTTP Proxy Authentication
Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33687/info
No more information available on this as of now, no patch available
yet.
Reply all
Reply to author
Forward
0 new messages