PT-2009-3253 · Trend Micro+1 · Trend Micro Interscan Web Security Virtual Appliance+2
Publicado
2009-02-17
·
Atualizado
2018-10-30
·
CVE-2009-0612
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Trend Micro InterScan Web Security Virtual Appliance versions 3.x
Trend Micro InterScan Web Security Suite versions 3.x
Description
The issue allows remote web servers to capture credentials by offering a media stream and then obtaining the
Proxy-Authorization header from Windows Media Player when basic authorization is enabled on the standalone proxy.Recommendations
For Trend Micro InterScan Web Security Virtual Appliance version 3.x, consider disabling basic authorization on the standalone proxy as a temporary workaround until a patch is available.
For Trend Micro InterScan Web Security Suite version 3.x, restrict access to the standalone proxy when basic authorization is enabled to minimize the risk of exploitation.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Trend Micro Interscan Web Security Suite
Trend Micro Interscan Web Security Virtual Appliance
Windows Media Player