Vulnerabilities > CVE-2007-1168 - Authentication Bypass vulnerability in Trend Micro Serverprotect 1.2520070216/1.3/2.5

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

trend-micro

nessus

NVD

Published: 2007-03-02

Updated: 2011-03-08

Summary

Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).

Vulnerable Configurations

Part	Description	Count
Application	Trend_Micro Trend Micro Serverprotect 1.3 Trend Micro Serverprotect 1.25_2007-02-16 Trend Micro Serverprotect 2.5	3

Nessus

NASL family	CGI abuses
NASL id	TRENDMICRO_SPLX_COOKIE_BYPASS.NASL
description	The remote host is running ServerProtect for Linux, an antivirus application for Linux-based servers from Trend Micro. The version of ServerProtect for Linux installed on the remote host fails to check the validity of the session id in the
last seen	2020-06-01
modified	2020-06-02
plugin id	24690
published	2007-02-22
reporter	This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24690
title	Trend Micro ServerProtect for Linux splx_2376_info Cookie Authentication Bypass

Summary

Vulnerable Configurations

Nessus

References