|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-04-16 | |
| Rule Name: | Trend Micro Control Manager download.php Information Disclosure Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | An information disclosure vulnerability exists in Trend Micro Control Manager prior to Version 6.0 build 3444. The vulnerability is due to security misconfiguration which allows access to the unreferenced download.php file, which in turn allow reading of the arbitrary files. | |
| Impact: | A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to the target system. Successful exploitation could result in an arbitrary file read from the target server. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | https://success.trendmicro.com/solution/1116624 ZeroDayInitiative:ZDI-17-062 ZeroDayInitiative:ZDI-17-061 |
|
| Solutions |
|---|
| Upgrade to 6.0 build 3444 version to resolve the problem. |