cvelist/2017/11xxx/CVE-2017-11398.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "security@trendmicro.com",
      "ID" : "CVE-2017-11398",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "Trend Micro Smart Protection Server (Standalone)",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "3.0, 3.1, 3.2"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Trend Micro"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "OTHER - Information Exposure Through Log Files (CWE-285)"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "43388",
            "refsource" : "EXPLOIT-DB",
            "url" : "https://www.exploit-db.com/exploits/43388/"
         },
         {
            "name" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
            "refsource" : "MISC",
            "url" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
         },
         {
            "name" : "https://success.trendmicro.com/solution/1118992",
            "refsource" : "CONFIRM",
            "url" : "https://success.trendmicro.com/solution/1118992"
         },
         {
            "name" : "102275",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/102275"
         }
      ]
   }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
			`"CVE_data_meta" : {`
- Added submission from Trend Micro from 2018-01-19. 2018-01-19 13:10:13 -05:00			`"ASSIGNER" : "security@trendmicro.com",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"ID" : "CVE-2017-11398",`
- Added submission from Trend Micro from 2018-01-19. 2018-01-19 13:10:13 -05:00			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "Trend Micro Smart Protection Server (Standalone)",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "3.0, 3.1, 3.2"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "Trend Micro"`
			`}`
			`]`
			`}`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
- Added submission from Trend Micro from 2018-01-19. 2018-01-19 13:10:13 -05:00			`"value" : "A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "OTHER - Information Exposure Through Log Files (CWE-285)"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
- Synchronized data. 2018-01-20 06:02:15 -05:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "43388",`
			`"refsource" : "EXPLOIT-DB",`
- Synchronized data. 2018-01-20 06:02:15 -05:00			`"url" : "https://www.exploit-db.com/exploits/43388/"`
			`},`
- Added submission from Trend Micro from 2018-01-19. 2018-01-19 13:10:13 -05:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",`
			`"refsource" : "MISC",`
- Added submission from Trend Micro from 2018-01-19. 2018-01-19 13:10:13 -05:00			`"url" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://success.trendmicro.com/solution/1118992",`
			`"refsource" : "CONFIRM",`
- Added submission from Trend Micro from 2018-01-19. 2018-01-19 13:10:13 -05:00			`"url" : "https://success.trendmicro.com/solution/1118992"`
- Synchronized data. 2018-01-20 06:02:15 -05:00			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "102275",`
			`"refsource" : "BID",`
- Synchronized data. 2018-01-20 06:02:15 -05:00			`"url" : "http://www.securityfocus.com/bid/102275"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`]`
			`}`
			`}`