===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.2178
  Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities
                              20 August 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Trend Micro Deep Discovery Inspector
Publisher:         US-CERT
Operating System:  Network Appliance
                   Virtualisation
Impact/Access:     Cross-site Scripting -- Remote with User Interaction
                   Unauthorised Access  -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-2873 CVE-2015-2872

Original Bulletin:
   https://www.kb.cert.org/vuls/id/248692

--------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability Note VU#248692

Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities

Original Release date: 18 Aug 2015 | Last revised: 18 Aug 2015

Overview

Multiple versions of the Trend Micro Deep Discovery threat appliance are
vulnerable to cross-site scripting and authentication bypass.

Description

The Trend Micro Deep Discovery platform "enables you to detect, analyze, and
respond to today's stealthy, targeted attacks in real time." It may be
deployed on a network as an appliance. The Trend Micro Deep Discovery Threat
Appliance version 3.7.1096 is vulnerable to cross-site scripting and
authentication bypass.

CWE-79: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') - CVE-2015-2872

The contentURL parameter of a request to index.html is not properly
validated and vulnerable to reflected cross-site scripting.

CWE-425: Direct Request ('Forced Browsing') - CVE-2015-2873

Several URLs, including the system log, whitelist, and blacklist, are
accessible to a non-administrator user by direct request. The pages do not
properly check for authorization.

Trend Micro has released an advisory on these issues.

The CVSS score below is based on CVE-2015-2873.

Impact

An authenticated user without administrator privileges may access and modify
certain system configuration settings. An unauthenticated remote user may
conduct cross-site scripting attacks.

Solution

Apply an update

Trend Micro has released updates to address this issue. Affected users are
encouraged to update as soon as possible. Affected versions are listed below
with the patch number corresponding to the update (for example, if you use
3.8 English, update to 3.8.1263):

Affected Version               Updated Patch Version
(Version Number and Language)  (Versions prior to the one listed here
                               may be affected)
-----------------------------  ---------------------------------------
3.8 English                    3.8.1263 - Critical Patch B1263
3.8 Japanese                   3.8.2047 - Critical Patch B2047
3.7 English                    3.7.1248 - Critical Patch B1248
3.7 Japanese                   3.7.1228 - Critical Patch B1228
3.7 Simplified Chinese         3.7.1227 - Critical Patch B1227
3.6 English                    3.6.1217 - Critical Patch B1217
3.5 English                    3.5.1477 - Critical Patch B1477
3.5 Japanese                   3.5.1554 - Critical Patch B1544
3.5 Simplified Chinese         3.5.1433 - Critical Patch B1433

Vendor Information

Vendor        Status     Date Notified  Date Updated
------------  ---------  -------------  ------------
Trend Micro   Affected   09 Jul 2015    07 Aug 2015

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
-------------  -----  -------------------------------
Base           5.5    AV:N/AC:L/Au:S/C:P/I:P/A:N
Temporal       4.1    E:POC/RL:OF/RC:UR
Environmental  3.0    CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  http://esupport.trendmicro.com/solution/en-US/1112206.aspx
  http://cwe.mitre.org/data/definitions/79.html
  http://cwe.mitre.org/data/definitions/425.html

Credit

Thanks to John Page ("hyp3rlinx") for reporting this vulnerability to us.

This document was written by Garret Wassermann.

Other Information

CVE IDs:               CVE-2015-2872 CVE-2015-2873
Date Public:           18 Aug 2015
Date First Published:  18 Aug 2015
Date Last Updated:     18 Aug 2015
Document Revision:     37

Feedback

If you have feedback, comments, or additional information about this
vulnerability, please send us email.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
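A defender-side check for the contentURL issue (CVE-2015-2872) described in the vulnerability note above, added here as an example and not part of the US-CERT note or the AusCERT bulletin: it scans web access logs for requests to index.html whose contentURL value, after repeated percent-decoding, is not a plain relative path. The combined log format, the sample lines, the path pages/dashboard.html and the allow-list pattern are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate contentURL values are short relative paths.
# Adjust this allow-list to what your own appliance's UI actually sends.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_./-]{1,200}")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format, documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Aug/2015:10:00:01 +1000] "GET /index.html?contentURL=pages/dashboard.html HTTP/1.1" 200 5120',
    '192.0.2.44 - - [20/Aug/2015:10:02:17 +1000] "GET /index.html?contentURL=%3Cb%3Eprobe%3C%2Fb%3E HTTP/1.1" 200 5133',
    '192.0.2.44 - - [20/Aug/2015:10:02:30 +1000] "GET /index.html?contentURL=%253Cb%253Eprobe HTTP/1.1" 200 5129',
    '192.0.2.10 - - [20/Aug/2015:10:03:00 +1000] "GET /other.html?contentURL=%3Cb%3E HTTP/1.1" 200 100',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is inspected too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_line(line):
    """Return decoded contentURL values in one log line that fail the allow-list."""
    match = REQUEST.search(line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    if not target.path.endswith("/index.html"):
        return []
    hits = []
    for raw in parse_qs(target.query, keep_blank_values=True).get("contentURL", []):
        value = fully_decode(raw)
        # Reject markup characters, scheme-relative URLs and path traversal.
        if not SAFE_VALUE.fullmatch(value) or value.startswith("//") or ".." in value:
            hits.append(value)
    return hits


def scan(lines):
    """Return (line_number, decoded_value) for every suspicious request."""
    return [(n, hit) for n, line in enumerate(lines, 1) for hit in check_line(line)]


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious contentURL value {value!r}")
```

Hits from before the critical patch was applied are worth reviewing together with the session that followed the request, since the bulletin rates the cross-site scripting as remote with user interaction.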