Lucene search

[email protected]CVE-2007-1169

HistoryMar 02, 2007 - 9:18 p.m.

CVE-2007-1169

2007-03-0221:18:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

trend micro

serverprotect

linux

web interface

logon

unencrypted http

remote attackers

network sniffing

credentials

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

56.0%

JSON

The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network.

CPENameOperatorVersion
trend_micro:serverprotecttrend micro serverprotecteq1.25_2007-02-16

CPE	Name	Operator	Version
trend_micro:serverprotect	trend micro serverprotect	eq	1.25_2007-02-16

References

www.trendmicro.com/download/product.asp?productid=20

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

56.0%

JSON

Related for CVE-2007-1169

prion1 securityvulns1