Описание
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:trendmicro:interscan_web_security_suite:2.5:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:interscan_web_security_suite:3.1:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:3.1:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.0068
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
почти 4 года назад
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.
EPSS
Процентиль: 71%
0.0068
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-200