|
Description
|
|
A vulnerability has been reported in Trend Micro Data Loss Prevention Management Server, which can be exploited by malicious people to disclose sensitive information.
Input appended to the URL after /dsc is not properly verified before being used. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
The vulnerability is reported in version 5.5. Other versions may also be affected.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable OS:
Trend Micro Data Loss Prevention (DLP) Management Server 5.xVulnerable Software:
|
|
|
|
|
|
Solution
|
|
Apply Hotfix B1348 available via Technical Support.
|
|
|
|
|
|
CVE
|
|
|
|
|
|
|
|
References
|
|
White Hat Consultores:
http://www.exploit-db.com/exploits/17388/
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
