PT-2002-1491 · Trend Micro · Trend Micro Interscan Viruswall Http Proxy

Publicado

2002-06-11

Atualizado

2008-09-10

CVE-2002-0440

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Trend Micro InterScan VirusWall HTTP proxy version 3.6

Description The issue allows malicious web servers to bypass content scanning by setting the Content-length header to 0. This is often ignored by HTTP clients, enabling the bypass.

Recommendations For Trend Micro InterScan VirusWall HTTP proxy version 3.6, consider disabling the "Skip scanning if Content-length equals 0" option to prevent malicious web servers from bypassing content scanning.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2002-0440

Produtos afetados

Trend Micro Interscan Viruswall Http Proxy

PT-2002-1491 · Trend Micro · Trend Micro Interscan Viruswall Http Proxy

CVE-2002-0440

Identificadores relacionados

Produtos afetados

Referências · 7