CVE-2009-0612 — Sensitive Information Exposure in Interscan WEB Security Suite

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.7%

top 28.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Interscan WEB Security Suite Trendmicro Interscan WEB Security Virtual Appliance

Timeline

PublishedFeb 17

Latest updateMay 2

Description

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDtrendmicro/interscan_web_security_virtual_appliance3.1

▶NVDtrendmicro/interscan_web_security_suite2.5, 3.1+1

🔴Vulnerability Details

GHSA

GHSA-9rm9-22p9-f7rc: Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3↗2022-05-02

▶

CVEList

CVE-2009-0612: Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3↗2009-02-17

▶