Lucene search

[email protected]CVE-2018-6237

HistoryMay 25, 2018 - 3:29 p.m.

CVE-2018-6237

2018-05-2515:29:00

CWE-400

[email protected]

web.nvd.nist.gov

vulnerability

trend micro

smart protection server

standalone

remote attacker

http requests

denial of service

dos

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.8%

JSON

A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation.

Affected configurations

NVD

Node

trendmicrosmart_protection_serverMatch3.0

trendmicrosmart_protection_serverMatch3.1

trendmicrosmart_protection_serverMatch3.2

trendmicrosmart_protection_serverMatch3.3

AND

linuxlinux_kernelMatch-

CPENameOperatorVersion
trendmicro:smart_protection_servertrendmicro smart protection servereq3.0
trendmicro:smart_protection_servertrendmicro smart protection servereq3.1
trendmicro:smart_protection_servertrendmicro smart protection servereq3.2
trendmicro:smart_protection_servertrendmicro smart protection servereq3.3

CPE	Name	Operator	Version
trendmicro:smart_protection_server	trendmicro smart protection server	eq	3.0
trendmicro:smart_protection_server	trendmicro smart protection server	eq	3.1
trendmicro:smart_protection_server	trendmicro smart protection server	eq	3.2
trendmicro:smart_protection_server	trendmicro smart protection server	eq	3.3

CNA Affected

[
  {
    "product": "Trend Micro Smart Protection Server (Standalone)",
    "vendor": "Trend Micro",
    "versions": [
      {
        "status": "affected",
        "version": "3.0, 3.1, 3.2, 3.3"
      }
    ]
  }
]

References

success.trendmicro.com/solution/1119715

www.tenable.com/security/research/tra-2018-10

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.8%

JSON

Related for CVE-2018-6237

cvelist1 nvd1 prion1