
             AUSCERT External Security Bulletin Redistribution

           Trend Micro Deep Discovery threat appliance contains
                         multiple vulnerabilities
                              20 August 2015


        AusCERT Security Bulletin Summary

Product:           Trend Micro Deep Discovery Inspector
Publisher:         US-CERT
Operating System:  Network Appliance
Impact/Access:     Cross-site Scripting -- Remote with User Interaction
                   Unauthorised Access  -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-2873 CVE-2015-2872 

Original Bulletin: 

--------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability Note VU#248692

Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities

Original Release date: 18 Aug 2015 | Last revised: 18 Aug 2015


Multiple versions of the Trend Micro Deep Discovery threat appliance are 
vulnerable to cross-site scripting and authentication bypass.


The Trend Micro Deep Discovery platform "enables you to detect, analyze, and 
respond to today's stealthy, targeted attacks in real time." It may be deployed
on a network as an appliance. The Trend Micro Deep Discovery Threat Appliance
version 3.7.1096 is vulnerable to cross-site scripting and authentication 

CWE-79: Improper Neutralization of Input During Web Page Generation 
('Cross-site Scripting') - CVE-2015-2872

The contentURL parameter of a request to index.html is not properly validated
and vulnerable to reflected cross-site scripting.
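
An added example, not part of the advisory or of Trend Micro's code: one way to
review web access logs for requests to index.html whose contentURL value does
not look like an ordinary page reference. The log format, the sample lines and
the rule that a legitimate contentURL is a plain relative path are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample in combined log format; not taken from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - analyst [18/Aug/2015:09:12:01 +0000] "GET /index.html?contentURL=/html/dashboard.htm HTTP/1.1" 200 5120
10.0.0.9 - - [18/Aug/2015:09:14:37 +0000] "GET /index.html?contentURL=%22%3E%3Cscript%3Eprobe()%3C/script%3E HTTP/1.1" 200 5344
10.0.0.9 - - [18/Aug/2015:09:15:02 +0000] "GET /index.html?contentURL=javascript%3Aprobe() HTTP/1.1" 200 5301
10.0.0.9 - - [18/Aug/2015:09:15:40 +0000] "GET /index.html?contentURL=%252F%252Fexample.invalid%252Fx HTTP/1.1" 200 5290
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r"[<>\"'`]")
SCHEME_RE = re.compile(r"^\s*[a-z][a-z0-9+.-]*:", re.I)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Reasons a value is not a plain relative path (assumed legitimate form)."""
    reasons = []
    if MARKUP_RE.search(value):
        reasons.append("markup-characters")
    if SCHEME_RE.match(value):
        reasons.append("url-scheme")
    if value.lstrip().startswith(("//", "\\\\")):
        reasons.append("off-site-reference")
    return reasons

def scan(log_text):
    """Return (client, reasons) for each suspicious index.html request."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        url = urlsplit(match.group(2)) if match else None
        if url is None or not url.path.lower().endswith("/index.html"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("contentURL", []):
            reasons = classify(fully_decode(raw))
            if reasons:
                findings.append((match.group(1), reasons))
    return findings
```

Calling scan(SAMPLE_LOG) reports the three requests from 10.0.0.9 and leaves the
ordinary dashboard request alone.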

CWE-425: Direct Request ('Forced Browsing') - CVE-2015-2873

Several URLs, including the system log, whitelist, and blacklist, are 
accessible to a non-administrator user by direct request. The pages do not 
properly check for authorization.

Trend Micro has released an advisory on these issues. The CVSS score below is
based on CVE-2015-2873.


An authenticated user without administrator privileges may access and modify 
certain system configuration settings. An unauthenticated remote user may 
conduct cross-site scripting attacks.


Apply an update

Trend Micro has released updates to address this issue. Affected users are 
encouraged to update as soon as possible.

Affected versions are listed below with the patch number corresponding to the
update (for example, if you use 3.8 English, update to 3.8.1263):

Affected Version               Updated Patch Version
(Version Number and Language)  (Versions prior to the one listed here
                               may be affected)
-----------------------------  --------------------------------------
3.8 English                    3.8.1263 - Critical Patch B1263
3.8 Japanese                   3.8.2047 - Critical Patch B2047
3.7 English                    3.7.1248 - Critical Patch B1248
3.7 Japanese                   3.7.1228 - Critical Patch B1228
3.7 Simplified Chinese         3.7.1227 - Critical Patch B1227
3.6 English                    3.6.1217 - Critical Patch B1217
3.5 English                    3.5.1477 - Critical Patch B1477
3.5 Japanese                   3.5.1554 - Critical Patch B1544
3.5 Simplified Chinese         3.5.1433 - Critical Patch B1433

Vendor Information

Vendor       Status    Date Notified  Date Updated
-----------  --------  -------------  ------------
Trend Micro  Affected  09 Jul 2015    07 Aug 2015

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
-------------  -----  ----------------------------
Base           5.5    AV:N/AC:L/Au:S/C:P/I:P/A:N
Temporal       4.1    E:POC/RL:OF/RC:UR
Environmental  3.0    CDP:ND/TD:M/CR:ND/IR:ND/AR:ND






Thanks to John Page ("hyp3rlinx") for reporting this vulnerability to us.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2015-2872 CVE-2015-2873

Date Public: 18 Aug 2015

Date First Published: 18 Aug 2015

Date Last Updated: 18 Aug 2015

Document Revision: 37


If you have feedback, comments, or additional information about this 
vulnerability, please send us email.

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.