SecurityTracker Alert ID: 1009550
CVE Reference: GENERIC-MAP-NOMATCH
Date: Mar 24 2004
Impact: Disclosure of system information, Disclosure of user information
Exploit Included: Yes
Advisory: Sentry Union
Description: Tri Huynh from SentryUnion reported a vulnerability in TrendMicro's InterScan VirusWall. A remote user can view files located on the target system.
It is reported that the built in web proxy service does not properly validate user-supplied input. A remote user can supply a specially crafted URL containing '../' directory traversal characters to view arbitrary files on the target system with the privileges of InterScan VirusWall.
The vendor has reportedly been notified without response.
Impact: A remote user can view files on the target system.
Solution: No solution was available at the time of this entry.
Vendor URL: www.trendmicro.com/
Cause: Access control error, Input validation error
Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (2003)
Underlying OS Comments: Confirmed on Windows
Reported By: "Tri Huynh"
We are giving away 'Black Panther' swag!
Four lucky readers will be taking home *Marvel*ous "Black Panther" prizes, including magazines autographed by the King of Wakanda himself! Giveaway ends Feb. 25, 2018.