Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Trend WebReputation 10.5 API Circumvention

🗓️ 15 Mar 2011 00:00:00Reported by Ewerson GuimaraesType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 35 Views

Trend WebReputation 10.5 API circumvention vulnerability, impact mediu

Code
`[DCA-2011-0004]  
  
  
[Discussion]  
- DcLabs Security Research Group advises about following vulnerability(ies):  
  
  
[Software]  
- Trend WebReputation API  
  
[Vendor Product Description]  
- Secure any endpoint – physical or virtual – with the industry’s strongest,  
most reliable protection, while reducing the impact on your endpoint resources.  
Harness the power of the cloud with to-the-second protection from the  
Trend Micro Smart Protection Network.  
Ground-breaking new virtualization awareness delivers the latest  
endpoint solutions along with  
peace of mind and innovative resource-saving technology to help you  
defend against zero day threats with optional virtual patching.  
- Source:http://us.trendmicro.com/us/products/enterprise/officescan/index.html  
  
  
[Advisory Timeline]  
- Advisory sent to vendor: 15/Feb/2011  
- Vendor said there is no failure 15/Feb/2011  
- Advisory sent again with demo video: 16/Feb/2011  
- Vendor confirmed the bug 16/Feb/2011  
- Vendor fixed the bug 17/Feb/2011  
- Advisory coordinated to be published 18/Feb/2011  
- Published 14/Mar/2011  
  
  
  
[Bug Summary]  
- Download content-filter circumvent  
  
[Impact]  
- Medium  
  
[Affected Version]  
- 10.5  
- Prior versions can also be affected but wasn't tested.  
  
[Bug Description and Proof of Concept]  
- Web Reputation download filter can be easily circumvented by adding  
a @ or a'question mark' (?) at the end of URL.  
  
POC:  
URL Blocked  
  
The URL that you are attempting to access is a potential security  
risk. Trend Micro OfficeScan has blocked this URL  
in keeping with network security policy.  
  
URL: http://nmap.org/dist/nmap-5.51-setup.exe  
Risk Level: Dangerous  
Details: Verified fraud page or threat source  
  
  
Just put ? in end:  
http://nmap.org/dist/nmap-5.51-setup.exe?  
  
Download successful  
  
Second POC:  
Demo Video: http://www.youtube.com/watch?v=J2Nd3wNWXPU  
  
All flaws described here were discovered and researched by:  
Ewerson Guimaraes (Crash)  
DcLabs Security Research Group  
crash <AT> dclabs <DOT> com <DOT> br  
  
[Workarounds]  
-  
  
[Credits]  
DcLabs Security Research Group.  
  
--   
Ewerson Guimaraes (Crash)  
Pentester/Researcher  
DcLabs Security Team  
www.dclabs.com.br  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Mar 2011 00:00Current
7.4High risk
Vulners AI Score7.4
trend micro smart protection networkcircumventionvulnerabilityweb reputationapimedium impactsecurity risk
35