CVE-2008-1366Improper Input Validation in Micro Officescan Corporate Edition

CWE-20Improper Input Validation3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.9%
top 24.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Trend Micro Officescan Corporate Edition
Timeline
PublishedMar 17
Latest updateMay 1

Description

Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDtrend_micro/officescan_corporate_edition7.3_patch3_build1314+1

🔴Vulnerability Details

2
GHSA
GHSA-xcf9-3hwc-9g94: Trend Micro OfficeScan Corporate Edition 82022-05-01
CVEList
CVE-2008-1366: Trend Micro OfficeScan Corporate Edition 82008-03-17
CVE-2008-1366 — Improper Input Validation in Trend | cvebase