Delicious Digg Facebook Favorites More Stumbleupon Twitter

Vigil@nce – Trend Micro ServerProtect : Cross Site Request Forgery

This bulletin was written by Vigil@nce : https://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can trigger a Cross Site Request Forgery of Trend Micro ServerProtect, in order to force the victim to perform operations.

Impacted products : TrendMicro ServerProtect.

Severity : 2/4.

Creation date : 17/05/2017.

DESCRIPTION OF THE VULNERABILITY

The Trend Micro ServerProtect product offers a web service.

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of Trend Micro ServerProtect, in order to force the victim to perform operations.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/…

Source:: Global Security Mag

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

*

Vous pouvez utiliser ces balises et attributs HTML : <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Intrusio

Trop curieux pour ne pas le faire, trop honnête pour ne pas le dire.