CVE-2016-3987

Sažetak

The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.

Reference

http://packetstormsecurity.com/files/135222/TrendMicro-Node.js-HTTP-Server-Command-Execution.html
https://code.google.com/p/google-security-research/issues/detail?id=693
https://www.exploit-db.com/exploits/39218/
http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/
http://www.securitytracker.com/id/1034662

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

09-09-2021 - 17:40

Objavljeno

12-04-2016 - 02:00