CVE-2007-1168

Summary

CVE	CVE-2007-1168
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-03-02 21:18:00 UTC
Updated	2011-03-08 02:51:00 UTC
Description	Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Trend Micro	Serverprotect	1.25_2007-02-16	All	linux	All
Application	Trend Micro	Serverprotect	1.3	All	linux	All
Application	Trend Micro	Serverprotect	2.5	All	linux	All
Application	Trend Micro	Serverprotect	1.25_2007-02-16	All	linux	All
Application	Trend Micro	Serverprotect	1.3	All	linux	All
Application	Trend Micro	Serverprotect	2.5	All	linux	All

References

Reference	Source	Link	Tags
20070221 Trend Micro ServerProtect Web Interface Authorization Bypass Vulnerability	IDEFENSE	labs.idefense.com	Vendor Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
Trend Micro ServerProtect for Linux Web Interface Authentication Bypass - Advisories - Secunia	SECUNIA	secunia.com	Patch, Vendor Advisory
Trend Micro ServerProtect Session ID Authentication Bypass Vulnerability	BID	www.securityfocus.com	Patch
Trend Micro ServerProtect 'splx_2376_info' Cookie Validation Bug Grants Access to Remote Users - SecurityTracker	SECTRACK	securitytracker.com	Patch
Trend Micro	CONFIRM	www.trendmicro.com	Patch
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.