Lucene search

K

[email protected]NVD:CVE-2015-2873

HistoryAug 23, 2015 - 3:59 p.m.

CVE-2015-2873

2015-08-2315:59:02

CWE-425

[email protected]

web.nvd.nist.gov

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.0%

Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL.

Affected configurations

NVD

Node

trendmicrodeep_discovery_inspectorMatch3.5

OR

trendmicrodeep_discovery_inspectorMatch3.5ja

OR

trendmicrodeep_discovery_inspectorMatch3.5zh

OR

trendmicrodeep_discovery_inspectorMatch3.6

OR

trendmicrodeep_discovery_inspectorMatch3.7

OR

trendmicrodeep_discovery_inspectorMatch3.7ja

OR

trendmicrodeep_discovery_inspectorMatch3.7zh

OR

trendmicrodeep_discovery_inspectorMatch3.8

OR

trendmicrodeep_discovery_inspectorMatch3.8ja

References

esupport.trendmicro.com/solution/en-US/1112206.aspx

www.kb.cert.org/vuls/id/248692

www.securityfocus.com/bid/76396

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.0%

Related for NVD:CVE-2015-2873

cve1 packetstorm1 prion1 securityvulns2 cvelist1 zdt1 openvas1 cert1