PT-2002-1491 · Trend Micro · Trend Micro Interscan Viruswall Http Proxy

Published

2002-06-11

Updated

2008-09-10

CVE-2002-0440

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Trend Micro InterScan VirusWall HTTP proxy version 3.6

Description The issue allows malicious web servers to bypass content scanning by setting the Content-length header to 0. This is often ignored by HTTP clients, enabling the bypass.

Recommendations For Trend Micro InterScan VirusWall HTTP proxy version 3.6, consider disabling the "Skip scanning if Content-length equals 0" option to prevent malicious web servers from bypassing content scanning.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0440

Affected Products

Trend Micro Interscan Viruswall Http Proxy

PT-2002-1491 · Trend Micro · Trend Micro Interscan Viruswall Http Proxy

CVE-2002-0440

Related Identifiers

Affected Products

References · 7