CVE-2017-11398
N/A
N/A
Summary
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Trend Micro | Trend Micro Smart Protection Server (Standalone) | 3.0, 3.1, 3.2 | affected |
Weaknesses
- CWE-285: OTHER - Information Exposure Through Log Files (CWE-285)
ADP Enrichment
CVE Program Container
Additional References
- https://www.exploit-db.com/exploits/43388/
- http://www.securityfocus.com/bid/102275
- https://success.trendmicro.com/solution/1118992
- https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities
References
- https://www.exploit-db.com/exploits/43388/
- http://www.securityfocus.com/bid/102275
- https://success.trendmicro.com/solution/1118992
- https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.