Trend Micro ServerProtect for Linux splx_2376_info Cookie Authentication Bypass

high Nessus Plugin ID 24690

Synopsis

The remote web server suffers from an authentication bypass vulnerability.

Description

The remote host is running ServerProtect for Linux, an antivirus application for Linux-based servers from Trend Micro.

The version of ServerProtect for Linux installed on the remote host fails to check the validity of the session id in the 'splx_2376_info' cookie before granting access to its administrative pages. A remote attacker can exploit this flaw to bypass authentication and gain full control of the affected web application.

Solution

Apply the appropriate patch referenced in the vendor advisory above.

See Also

http://www.nessus.org/u?c4fa3bf6

https://www.securityfocus.com/archive/1/460805/30/0/threaded

http://www.trendmicro.com/download/product.asp?productid=20

Plugin Details

Severity: High

ID: 24690

File Name: trendmicro_splx_cookie_bypass.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 2/22/2007

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:trend_micro:serverprotect

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 2/16/2007

Vulnerability Publication Date: 2/21/2007

Reference Information

CVE: CVE-2007-1168

BID: 22662