Operating System:

[Appliance][Virtual]

Published:

20 August 2015

Protect yourself against future threats.

//Service

Security Bulletins

Receive up to date and consistent security bulletins across a wide range of vendors, streamlining security patching.

Read more
Resources > Security Bulletins > ESB-2015.2178 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.2178
           Trend Micro Deep Discovery threat appliance contains
                         multiple vulnerabilities
                              20 August 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Trend Micro Deep Discovery Inspector
Publisher:         US-CERT
Operating System:  Network Appliance
                   Virtualisation
Impact/Access:     Cross-site Scripting -- Remote with User Interaction
                   Unauthorised Access  -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-2873 CVE-2015-2872 

Original Bulletin: 
   https://www.kb.cert.org/vuls/id/248692

- --------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability Note VU#248692

Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities

Original Release date: 18 Aug 2015 | Last revised: 18 Aug 2015

Overview

Multiple versions of the Trend Micro Deep Discovery threat appliance are 
vulnerable to cross-site scripting and authentication bypass.

Description

The Trend Micro Deep Discovery platform "enables you to detect, analyze, and 
respond to todays stealthy, targeted attacks in real time." It may be deployed
on a network as an appliance. The Trend Micro Deep Discovery Threat Appliance
version 3.7.1096 is vulnerable to cross-site scripting and authentication 
bypass.

CWE-79: Improper Neutralization of Input During Web Page Generation 
('Cross-site Scripting') - CVE-2015-2872

The contentURL parameter of a request to index.html is not properly validated
and vulnerable to reflected cross-site scripting.

CWE-425: Direct Request ('Forced Browsing') - CVE-2015-2873

Several URLs, including the system log, whitelist, and blacklist, are 
accessible to a non-administrator user by direct request. The pages do not 
properly check for authorization.

Trend Micro has released an advisory on these issues. The CVSS score below is
based on CVE-2015-2873.

Impact

An authenticated user without administrator privileges may access and modify 
certain system configuration settings. An unauthenticated remote user may 
conduct cross-site scripting attacks.

Solution

Apply an update

Trend Micro has released updates to address this issue. Affected users are 
encouraged to update as soon as possible.

Affected versions are listed below with the patch number corresponding to the
update (for example, if you use 3.8 English, update to 3.8.1263):

Affected Version (Version Number and Language) Updated Patch Version (Versions
prior to the one listed here may be affected)

3.8 English 3.8.1263 - Critical Patch B1263

3.8 Japanese 3.8.2047 - Critical Patch B2047

3.7 English 3.7.1248 - Critical Patch B1248

3.7 Japanese 3.7.1228 - Critical Patch B1228

3.7 Simplified Chinese 3.7.1227 - Critical Patch B1227

3.6 English 3.6.1217 - Critical Patch B1217

3.5 English 3.5.1477 - Critical Patch B1477

3.5 Japanese 3.5.1554 - Critical Patch B1544

3.5 Simplified Chinese 3.5.1433 - Critical Patch B1433

Vendor Information (Learn More)

Vendor Status Date Notified Date Updated

Trend Micro Affected 09 Jul 2015 07 Aug 2015

If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector

Base 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N

Temporal 4.1 E:POC/RL:OF/RC:UR

Environmental 3.0 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

http://esupport.trendmicro.com/solution/en-US/1112206.aspx

http://cwe.mitre.org/data/definitions/79.html

http://cwe.mitre.org/data/definitions/425.html

Credit

Thanks to John Page ("hyp3rlinx") for reporting this vulnerability to us.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2015-2872 CVE-2015-2873

Date Public: 18 Aug 2015

Date First Published: 18 Aug 2015

Date Last Updated: 18 Aug 2015

Document Revision: 37

Feedback

If you have feedback, comments, or additional information about this 
vulnerability, please send us email.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVdVl+H6ZAP0PgtI9AQK5PxAAokkj5+BNZ8K+0df5r+v4T6bldhjTjuX+
QB+MqZQFMzArF/s/EQn+bBvSu4WArpMdqh24nhYeLuZouJOgMAHO8DChkZZEyCea
VomRVB9JSlVAdoKGSqa4ZCc++MZiseBKcWMLVmMf9mVcfSaWwpxEhSRRQYS4dDD4
bMcp8PWNnDfu+TIio+TgEZ1CmANHxs+7kvE3qfC46V2RfBefGMx4gkYPGxXZ0oXO
ZxHDLORrjuHqFtDnddHfRUsCqQxjGbUbjqraIXIJrOwe6pxb5dGMIrk43xEfMm90
Var4Zjz/lN4OXQ/wMhzwDOrF6IpibTZG9FYZ2V/AXpmZS5OZLXrY419X/1m6CF+z
LH6cSu4zPIzPsei876H+Y3SYOLFGFFxDJ1QOx0uTaPlad7gwU15OkqGYBFxrXU2E
3y1dxWoHWRUJR4RyZleOD1MkCSULI5JK/zyqGbL7WfeFS6zFxGiqHjtkkmwQIlBn
oBRZ0S+3qRLEBSx6L5g/DMGBdlDokGeolKm0zWsrw5yY4FsSGkhuSW/+BDShttph
Tv/gfeISh2wcdmHqAb19qAy2oWFJOrNyg69CuX7vbKK3QaGGBhbLqMhr+CbRTZiX
7+8y+hDr2SdgFM+rS+Mn7YtymVyGXfzNHWVWsyxRELcVYejsIJ1wVP9SPVUHj4HZ
G9tOtUa5kcU=
=yLQo
-----END PGP SIGNATURE-----