PT-2009-3253 · Trend Micro+1 · Trend Micro Interscan Web Security Virtual Appliance+2
Published
2009-02-17
·
Updated
2018-10-30
·
CVE-2009-0612
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Trend Micro InterScan Web Security Virtual Appliance versions 3.x
Trend Micro InterScan Web Security Suite versions 3.x
Description
The issue allows remote web servers to capture credentials by offering a media stream and then obtaining the
Proxy-Authorization header from Windows Media Player when basic authorization is enabled on the standalone proxy.Recommendations
For Trend Micro InterScan Web Security Virtual Appliance version 3.x, consider disabling basic authorization on the standalone proxy as a temporary workaround until a patch is available.
For Trend Micro InterScan Web Security Suite version 3.x, restrict access to the standalone proxy when basic authorization is enabled to minimize the risk of exploitation.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Trend Micro Interscan Web Security Suite
Trend Micro Interscan Web Security Virtual Appliance
Windows Media Player