Vulnerabilities > CVE-2007-1168 - Unspecified vulnerability in Trend Micro Serverprotect 1.2520070216/1.3/2.5
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN trend-micro
nessus
Summary
Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
| NASL family | CGI abuses |
| NASL id | TRENDMICRO_SPLX_COOKIE_BYPASS.NASL |
| description | The remote host is running ServerProtect for Linux, an antivirus application for Linux-based servers from Trend Micro. The version of ServerProtect for Linux installed on the remote host fails to check the validity of the session id in the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 24690 |
| published | 2007-02-22 |
| reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/24690 |
| title | Trend Micro ServerProtect for Linux splx_2376_info Cookie Authentication Bypass |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=477
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=477
- http://secunia.com/advisories/24264
- http://secunia.com/advisories/24264
- http://securitytracker.com/id?1017685
- http://securitytracker.com/id?1017685
- http://www.securityfocus.com/bid/22662
- http://www.securityfocus.com/bid/22662
- http://www.trendmicro.com/download/product.asp?productid=20
- http://www.trendmicro.com/download/product.asp?productid=20
- http://www.vupen.com/english/advisories/2007/0691
- http://www.vupen.com/english/advisories/2007/0691