CVE-2016-7552

Name of the Vulnerable Software and Affected Versions Trend Micro Threat Discovery Appliance version 2.6.1062r1

Description The issue allows a remote, unauthenticated attacker to delete arbitrary files as root due to directory traversal when processing a session id cookie. This can be used to bypass authentication or cause a denial of service. The vulnerability exists because of incorrect restriction of the directory path name with limited access during the processing of the session id parameter from the cookie file.

Recommendations For Trend Micro Threat Discovery Appliance version 2.6.1062r1, as a temporary workaround, consider restricting access to the session id cookie parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.