Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2017/May/91 | Exploit Mailing List Third Party Advisory |
http://www.securitytracker.com/id/1038548 | Third Party Advisory VDB Entry |
https://success.trendmicro.com/solution/1117411 | Patch Vendor Advisory |
https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities | Exploit Technical Description Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-05-25T19:00:00
Updated: 2017-05-25T18:57:01
Reserved: 2017-05-17T00:00:00
Link: CVE-2017-9033
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-05-26T01:29:00.927
Modified: 2021-09-09T17:11:18.810
Link: CVE-2017-9033
JSON object: View
Redhat Information
No data.
CWE