Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0440 — Micro Interscan Viruswall vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

2.5%

top 14.69%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Trend Micro Interscan Viruswall

Timeline

PublishedJul 26

Latest updateApr 30

Description

Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" option enabled allows malicious web servers to bypass content scanning via a Content-length header set to 0, which is often ignored by HTTP clients.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDtrend_micro/interscan_viruswall3.51, 3.6+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-87c4-g3xj-g65r: Trend Micro InterScan VirusWall HTTP proxy 3↗2022-04-30

▶

CVEList

CVE-2002-0440: Trend Micro InterScan VirusWall HTTP proxy 3↗2002-06-11

▶

💥Exploits & PoCs

Exploit-DB

Trend Micro Interscan VirusWall 3.5/3.6 - Content-Length Scan Bypass↗2002-03-11

▶