mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
78 lines
2.4 KiB
JSON
78 lines
2.4 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "security@trendmicro.com",
|
|
"ID" : "CVE-2017-11398",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "Trend Micro Smart Protection Server (Standalone)",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "3.0, 3.1, 3.2"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "Trend Micro"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "OTHER - Information Exposure Through Log Files (CWE-285)"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "43388",
|
|
"refsource" : "EXPLOIT-DB",
|
|
"url" : "https://www.exploit-db.com/exploits/43388/"
|
|
},
|
|
{
|
|
"name" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities",
|
|
"refsource" : "MISC",
|
|
"url" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities"
|
|
},
|
|
{
|
|
"name" : "https://success.trendmicro.com/solution/1118992",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://success.trendmicro.com/solution/1118992"
|
|
},
|
|
{
|
|
"name" : "102275",
|
|
"refsource" : "BID",
|
|
"url" : "http://www.securityfocus.com/bid/102275"
|
|
}
|
|
]
|
|
}
|
|
}
|