Secunia Security Advisory - Julien Cayssol has reported a vulnerability in Trend Micro InterScan Web Security Suite, which can be exploited by malicious users to bypass certain security restrictions.
d48c61bf92cca30e654c379b1bb30342d659c0237da397cdea26b726a8484a64
----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
http://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
Trend Micro InterScan Web Security Suite Security Bypass
SECUNIA ADVISORY ID:
SA33867
VERIFY ADVISORY:
http://secunia.com/advisories/33867/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From local network
SOFTWARE:
Trend Micro InterScan Web Security Suite for Windows 3.x
http://secunia.com/advisories/product/21343/
DESCRIPTION:
Julien Cayssol has reported a vulnerability in Trend Micro InterScan
Web Security Suite, which can be exploited by malicious users to
bypass certain security restrictions.
The vulnerability is caused due to an access control error in
multiple JSP pages and can be exploited to modify the certain
configuration values and e.g. create an administrator account.
Successful exploitation requires "Auditor" or "Report Only"
credentials.
The vulnerability is reported in version 3.1.
SOLUTION:
Apply patch.
http://www.trendmicro.com/ftp/products/patches/iwss_31_win_en_cp1237.zip
PROVIDED AND/OR DISCOVERED BY:
Julien Cayssol
ORIGINAL ADVISORY:
Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/iwss_31_win_en_readme_CP_1237_EN.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------