Lucene search

[email protected]CVE-2008-4403

HistoryOct 03, 2008 - 3:07 p.m.

CVE-2008-4403

2008-10-0315:07:10

CWE-399

[email protected]

web.nvd.nist.gov

trend micro

officescan

cgi modules

denial of service

http headers

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.04 Low

EPSS

Percentile

92.2%

JSON

The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the “error handling mechanism.”

Affected configurations

NVD

Node

trend_microofficescanMatch8.0sp1

trend_microofficescanMatch8.0sp1_patch1

CPENameOperatorVersion
trend_micro:officescantrend micro officescaneq8.0

CPE	Name	Operator	Version
trend_micro:officescan	trend micro officescan	eq	8.0

References

secunia.com/advisories/32097

www.securityfocus.com/bid/31531

www.securitytracker.com/id?1020974

www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt

www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt

www.vupen.com/english/advisories/2008/2712

exchange.xforce.ibmcloud.com/vulnerabilities/45599

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.04 Low

EPSS

Percentile

92.2%

JSON

Related for CVE-2008-4403

prion1 cvelist1 nvd1 nessus1