Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100075 | Third Party Advisory VDB Entry |
http://www.zerodayinitiative.com/advisories/ZDI-17-502 | Third Party Advisory VDB Entry |
https://success.trendmicro.com/solution/1117723 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: trendmicro
Published: 2017-07-20T00:00:00
Updated: 2017-08-04T09:57:01
Reserved: 2017-07-17T00:00:00
Link: CVE-2017-11391
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-08-03T15:29:00.327
Modified: 2017-08-07T22:12:49.323
Link: CVE-2017-11391
JSON object: View
Redhat Information
No data.
CWE