|
[Japanese]
|
JVNDB-2016-000089
|
Trend Micro enterprise products HTTP header injection vulnerability
|
|
Multiple enterprise products provided by Trend Micro Incorporated contain a HTTP header injection vulnerability.
According to the developer, exploiting the vulnerability requires access to the LAN environment of the user.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 5.2 (Medium) [IPA Score]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.9 (Low) [IPA Score]
- Access Vector: Adjacent Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
|
Trend Micro, Inc.
- Worry-Free Business Security 9.0
- Worry-Free Business Security Services 5.x
|
|
|
An arbitrary script may be executed on the user's web browser.
|
|
If using Worry-Free Business Security 9.0:
[Update the software]
According to the developer, applying Service Pack 3 planned for release at the end of June 2016 will address the vulnerabilities.
If using Worry-Free Business Security Services 5.x:
[Update the Software]
Update the software according to the information provided by the developer.
|
|
Trend Micro, Inc.
|
|
- No Mapping(CWE-noinfo) [IPA Evaluation]
|
|
- CVE-2016-1224
|
|
- JVN : JVN#48847535
- National Vulnerability Database (NVD) : CVE-2016-1224
|
|
- [2016/06/02]
Web page was published
[2016/06/22]
References : Content was added
|
