AUSCERT External Security Bulletin Redistribution
Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities
20 August 2015
AusCERT Security Bulletin Summary
Product:           Trend Micro Deep Discovery Inspector
Operating System:  Network Appliance
Impact/Access:     Cross-site Scripting -- Remote with User Interaction
                   Unauthorised Access  -- Existing Account
CVE Names:         CVE-2015-2873 CVE-2015-2872
--------------------------BEGIN INCLUDED TEXT--------------------
Vulnerability Note VU#248692
Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities
Original Release date: 18 Aug 2015 | Last revised: 18 Aug 2015
Multiple versions of the Trend Micro Deep Discovery threat appliance are
vulnerable to cross-site scripting and authentication bypass.
The Trend Micro Deep Discovery platform "enables you to detect, analyze, and
respond to today's stealthy, targeted attacks in real time." It may be deployed
on a network as an appliance. The Trend Micro Deep Discovery Threat Appliance
version 3.7.1096 is vulnerable to cross-site scripting and authentication
bypass.
CWE-79: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') - CVE-2015-2872
The contentURL parameter of a request to index.html is not properly validated
and vulnerable to reflected cross-site scripting.
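Added example (not part of the original advisory or any Trend Micro code): a log check that flags requests to index.html whose contentURL value is anything other than a plain relative path. The log format, the sample lines, the /html/dashboard.htm path and the allowlist pattern are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: a legitimate contentURL is a plain relative path to a page.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_./-]+$")
# Request line inside a common-log-format entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not taken from a real appliance).
SAMPLE_LOG = [
    '10.0.0.5 - - [20/Aug/2015:10:01:02 +0000] "GET /index.html?contentURL=/html/dashboard.htm HTTP/1.1" 200 5120',
    '10.0.0.9 - - [20/Aug/2015:10:03:44 +0000] "GET /index.html?contentURL=%22%3E%3Cscript%3Eprobe%3C%2Fscript%3E HTTP/1.1" 200 5188',
    '10.0.0.9 - - [20/Aug/2015:10:04:10 +0000] "GET /index.html?contentURL=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5190',
    '10.0.0.7 - - [20/Aug/2015:10:05:00 +0000] "GET /images/logo.png HTTP/1.1" 200 900',
]

def suspicious_content_url(log_line):
    """Return the decoded contentURL value if it looks unsafe, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    try:
        target = urlsplit(m.group(1))
    except ValueError:
        return None  # malformed request target, nothing to inspect
    if not target.path.endswith("/index.html"):
        return None
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name.lower() != "contenturl":
            continue
        # parse_qsl decoded once; decode again to catch double encoding.
        decoded = unquote(value)
        if decoded and (".." in decoded or not SAFE_VALUE.match(decoded)):
            return decoded
    return None

def scan(lines):
    """Return (client_ip, decoded_value) for every flagged request."""
    hits = []
    for line in lines:
        value = suspicious_content_url(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent contentURL={value!r}")
```

An allowlist of expected values is used instead of a list of known-bad strings, so encoded or unusual markup is flagged without having to be enumerated.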
CWE-425: Direct Request ('Forced Browsing') - CVE-2015-2873
Several URLs, including the system log, whitelist, and blacklist, are
accessible to a non-administrator user by direct request. The pages do not
properly check for authorization.
Trend Micro has released an advisory on these issues. The CVSS score below is
based on CVE-2015-2873.
An authenticated user without administrator privileges may access and modify
certain system configuration settings. An unauthenticated remote user may
conduct cross-site scripting attacks.
Apply an update
Trend Micro has released updates to address this issue. Affected users are
encouraged to update as soon as possible.
Affected versions are listed below with the patch number corresponding to the
update (for example, if you use 3.8 English, update to 3.8.1263):
Affected Version                 Updated Patch Version
(Version Number and Language)    (Versions prior to the one listed here may be affected)
3.8 English                      3.8.1263 - Critical Patch B1263
3.8 Japanese                     3.8.2047 - Critical Patch B2047
3.7 English                      3.7.1248 - Critical Patch B1248
3.7 Japanese                     3.7.1228 - Critical Patch B1228
3.7 Simplified Chinese           3.7.1227 - Critical Patch B1227
3.6 English                      3.6.1217 - Critical Patch B1217
3.5 English                      3.5.1477 - Critical Patch B1477
3.5 Japanese                     3.5.1554 - Critical Patch B1544
3.5 Simplified Chinese           3.5.1433 - Critical Patch B1433
Vendor Information
Vendor         Status      Date Notified    Date Updated
Trend Micro    Affected    09 Jul 2015      07 Aug 2015
If you are a vendor and your product is affected, let us know.
CVSS Metrics
Group            Score    Vector
Base             5.5      AV:N/AC:L/Au:S/C:P/I:P/A:N
Temporal         4.1      E:POC/RL:OF/RC:UR
Environmental    3.0      CDP:ND/TD:M/CR:ND/IR:ND/AR:ND
Thanks to John Page ("hyp3rlinx") for reporting this vulnerability to us.
This document was written by Garret Wassermann.
CVE IDs: CVE-2015-2872 CVE-2015-2873
Date Public: 18 Aug 2015
Date First Published: 18 Aug 2015
Date Last Updated: 18 Aug 2015
Document Revision: 37
If you have feedback, comments, or additional information about this
vulnerability, please send us email.
--------------------------END INCLUDED TEXT--------------------
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.