Vulnerabilities > CVE-2007-1168 - Authentication Bypass vulnerability in Trend Micro Serverprotect 1.2520070216/1.3/2.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Nessus
NASL family | CGI abuses |
NASL id | TRENDMICRO_SPLX_COOKIE_BYPASS.NASL |
description | The remote host is running ServerProtect for Linux, an antivirus application for Linux-based servers from Trend Micro. The version of ServerProtect for Linux installed on the remote host fails to check the validity of the session id in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24690 |
published | 2007-02-22 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24690 |
title | Trend Micro ServerProtect for Linux splx_2376_info Cookie Authentication Bypass |