CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0613
https://notcve.org/view.php?id=CVE-2009-0613
Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages. Trend Micro InterScan Web Security Suite (IWSS) v3.1 anterior a build v1237 permite a usuarios Auditor and Report Only autenticados remotamente evitar las configuraciones de permisos previstas, y modificar la configuración del sistema, a través de peticiones a páginas JSP sin especificar. • http://secunia.com/advisories/33867 http://www.securitytracker.com/id?1021694 http://www.trendmicro.com/ftp/documentation/readme/iwss_31_win_en_readme_CP_1237_EN.txt http://www.vupen.com/english/advisories/2009/0369 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-0612
https://notcve.org/view.php?id=CVE-2009-0612
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header. Trend Micro InterScan Web Security Virtual Appliance (IWSVA) v3.x e InterScan Web Security Suite (IWSS) v3.x, cuando la autorización básica está habilitada sobre el proxy independiente, reenvía la cabecera de autorización del proxy desde Windows Media Player, lo que permite a servidores Web remotos obtener credenciales ofreciendo una secuencia "media" y capturando esta cabecera. • http://secunia.com/advisories/33891 http://www.securityfocus.com/archive/1/500760/100/0/threaded http://www.securityfocus.com/bid/33687 http://www.securitytracker.com/id?1021716 https://exchange.xforce.ibmcloud.com/vulnerabilities/48681 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •