Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100075 | |
http://www.zerodayinitiative.com/advisories/ZDI-17-504 | Third Party Advisory VDB Entry |
https://success.trendmicro.com/solution/1117723 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: trendmicro
Published: 2017-07-20T00:00:00
Updated: 2017-08-04T09:57:01
Reserved: 2017-07-17T00:00:00
Link: CVE-2017-11392
JSON object: View
NVD Information
Status : Modified
Published: 2017-08-03T15:29:00.357
Modified: 2017-08-05T01:29:02.877
Link: CVE-2017-11392
JSON object: View
Redhat Information
No data.
CWE