CVE-2017-11398
Summary
| CVE | CVE-2017-11398 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-01-19 19:29:00 UTC |
| Updated | 2019-10-09 23:22:00 UTC |
| Description | A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system. |
Risk And Classification
Problem Types: CWE-534
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Trendmicro | Smart Protection Server | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Trend Micro Smart Protection Server Multiple Security Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| SECURITY BULLETIN: Trend Micro Smart Protection Server (Standalone) Multiple Vulnerabilities | CONFIRM | success.trendmicro.com | Vendor Advisory |
| Trend Micro Smart Protection Server Multiple Vulnerabilities | Core Security | MISC | www.coresecurity.com | Exploit, Third Party Advisory |
| Trend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Control - Multiple remote Exploit | EXPLOIT-DB | www.exploit-db.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.