SecurityTracker Alert ID: 1009550
CVE Reference: GENERIC-MAP-NOMATCH
Date: Mar 24 2004
Impact: Disclosure of system information, Disclosure of user information
Exploit Included: Yes
Advisory: Sentry Union
Version(s): 3.5
Description: Tri Huynh from SentryUnion reported a vulnerability in TrendMicro's InterScan VirusWall. A remote user can view files located on the target system.
It is reported that the built in web proxy service does not properly validate user-supplied input. A remote user can supply a specially crafted URL containing '../' directory traversal characters to view arbitrary files on the target system with the privileges of InterScan VirusWall.
The vendor has reportedly been notified without response.
Impact: A remote user can view files on the target system.
Solution: No solution was available at the time of this entry.
Vendor URL: www.trendmicro.com/
Cause: Access control error, Input validation error
Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (2003)
Underlying OS Comments: Confirmed on Windows
Reported By: "Tri Huynh"
http://www.securitytracker.com/alerts/2004/Mar/1009550.html
 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
General discussion
TrendMicro InterScan VirusWall Discloses Files to Remote Users
Discussion is locked
CNET Forums
Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Roadshow Autos
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic