CVE Vulnerability

CVE-2007-1168

Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=477 Vendor Advisory
http://www.trendmicro.com/download/product.asp?productid=20 Patch
http://www.securityfocus.com/bid/22662 Patch
http://securitytracker.com/id?1017685 Patch
http://secunia.com/advisories/24264 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2007/0691
Configurations

Configuration 1

cpe:2.3:a:trend_micro:serverprotect:2.5:*:linux:*:*:*:*:*
cpe:2.3:a:trend_micro:serverprotect:1.25_2007-02-16:*:linux:*:*:*:*:*
cpe:2.3:a:trend_micro:serverprotect:1.3:*:linux:*:*:*:*:*
Information

Published : 2007-03-02 09:18

Updated : 2011-03-08 02:51

NVD link : CVE-2007-1168

Mitre link : CVE-2007-1168

Products Affected
No products.
CWE
NVD-CWE-Other