CVE-2017-7896
Published 2017-04-18

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before Critical Patch (CP) 1644 has a cross-site scripting (XSS) vulnerability. The CVSS v3.0 vector (UI:R, S:C) is consistent with a reflected XSS in the web management interface: a victim with an active IMSVA session must be made to open a crafted link, and the impact lands in the victim's browser rather than on the appliance itself.

Priority: P3 (medium); CVSS 3.0 base score 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
EPSS: 4.28% (89.9th percentile)
Affected (1 range)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trendmicro | interscan_messaging_security_virtual_appliance | 9.1, builds before CP 1644 | 9.1 CP 1644 |
Detection & IOCs (extracted from sources)

Note: these indicators were extracted from the vendor bulletin, which covers multiple IMSVA 9.1 vulnerabilities fixed by the same CP 1644. They describe an authentication-bypass plus command-injection chain (JSESSIONID leak via diagnostic.log, then Proxy.php in the TMCSS widget module), not the XSS that CVE-2017-7896 itself tracks. Use them as indicators for an appliance at the vulnerable patch level, not as a signature for this CVE's XSS.

- Monitor HTTP requests to Proxy.php under the TMCSS module path for unsanitized parameters (shell metacharacters such as `;`, `|`, backticks, `$(`) that may indicate command injection attempts.
- Alert on unauthenticated HTTP GET/POST requests to diagnostic.log on the IMSVA management interface (TCP 443); this file exposes JSESSIONID values that enable authentication bypass.
- Detect the exploitation chain: unauthenticated access to diagnostic.log followed by requests to Proxy.php that carry a harvested JSESSIONID cookie.

Caveats:
- The auth-bypass + RCE chain is only exploitable against IMSVA 9.1 builds before CP 1644; patched builds are not affected.
- The management interface must be reachable on TCP 443 for exploitation; restricting access to that port limits exposure.
- The PHP-implemented widget feature is a prerequisite for the attack surface: the TMCSS module's Proxy.php must be present and accessible.
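The three indicators above can be turned into a single correlation over the management interface's access log. The script below is an added example written for this page, not Trend Micro's code and not derived from the bulletin: it parses constructed access-log lines (the log format, IP addresses, timestamps, the `/widget/TMCSS/` directory prefix, and the 15-minute correlation window are all assumptions), flags any request for diagnostic.log, flags Proxy.php requests whose query string carries shell metacharacters, and raises a chain alert when a source that read diagnostic.log without a session cookie later hits Proxy.php with a JSESSIONID.

```python
"""Access-log correlation for the IMSVA diagnostic.log -> Proxy.php chain.

Added example for this page; the log format and sample lines are constructed,
not captured from a real appliance.
"""
import re
from datetime import datetime, timedelta

# Constructed sample log. Format (an assumption for this example):
#   ip - - [timestamp] "METHOD path proto" status bytes "Cookie header or -"
# Only the file names diagnostic.log and TMCSS/.../Proxy.php come from the
# extracted indicators; everything else is made up for the demonstration.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Apr/2017:10:00:01 +0000] "GET /diagnostic.log HTTP/1.1" 200 51234 "-"
203.0.113.7 - - [18/Apr/2017:10:00:09 +0000] "GET /widget/TMCSS/Proxy.php?module=x;id HTTP/1.1" 200 88 "JSESSIONID=ABCDEF0123456789"
198.51.100.4 - - [18/Apr/2017:10:05:00 +0000] "GET /index.jsp HTTP/1.1" 200 1024 "JSESSIONID=FFFF0000AAAA"
198.51.100.4 - - [18/Apr/2017:10:06:00 +0000] "GET /widget/TMCSS/Proxy.php?module=x HTTP/1.1" 200 88 "JSESSIONID=FFFF0000AAAA"
192.0.2.9 - - [18/Apr/2017:11:00:00 +0000] "GET /diagnostic.log HTTP/1.1" 403 0 "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<cookie>[^"]*)"$'
)
# The exact directory above Proxy.php is not given in the indicators, so match
# Proxy.php anywhere below a TMCSS path component.
DIAG_RE = re.compile(r'/diagnostic\.log(?:$|\?)', re.I)
PROXY_RE = re.compile(r'/TMCSS/.*Proxy\.php(?:$|\?)', re.I)
# Coarse filter for shell metacharacters in the query string, raw or URL-encoded.
# '&' is deliberately excluded because it is the normal parameter separator.
SHELL_META_RE = re.compile(r'[;|`\n]|\$\(|%0a|%3b|%7c|%60', re.I)
SESSION_RE = re.compile(r'JSESSIONID=([A-Za-z0-9]+)')


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    sess = SESSION_RE.search(rec["cookie"])
    rec["session"] = sess.group(1) if sess else None
    return rec


def detect(lines, window=timedelta(minutes=15)):
    """Run the three rules over log lines (in time order) and return alerts."""
    alerts = []
    exposed = {}  # ip -> time diagnostic.log was last served without a session
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path, ts = rec["ip"], rec["path"], rec["ts"]
        if DIAG_RE.search(path):
            # Rule 2: any request for the log is worth an alert. A 200 with no
            # session cookie means the appliance served it unauthenticated.
            alerts.append({"rule": "diagnostic_log_request", "ip": ip, "ts": ts,
                           "status": rec["status"],
                           "authenticated": rec["session"] is not None})
            if rec["status"] == 200 and rec["session"] is None:
                exposed[ip] = ts
            continue
        if PROXY_RE.search(path):
            # Rule 1: metacharacters in a widget-proxy parameter.
            if SHELL_META_RE.search(path):
                alerts.append({"rule": "proxy_php_suspicious_param", "ip": ip,
                               "ts": ts, "path": path})
            # Rule 3: same source read diagnostic.log unauthenticated, then
            # presented a JSESSIONID to Proxy.php within the window.
            last = exposed.get(ip)
            if rec["session"] and last is not None and \
                    timedelta(0) <= ts - last <= window:
                alerts.append({"rule": "session_harvest_chain", "ip": ip,
                               "ts": ts, "session": rec["session"]})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(a["rule"], a["ip"], a["ts"].isoformat())
```

Correlating on source IP is a deliberate simplification: the real signal is the session identifier, so if the log can be enriched with the JSESSIONID values that diagnostic.log actually disclosed, the chain rule should match on those values rather than on the address. Note also that a 403 on diagnostic.log still produces an alert but does not mark the source as having harvested anything, which keeps the chain rule from firing on patched appliances.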
CVSS provenance

- NVD, CVSS v3.0: 6.1 MEDIUM, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- NVD, CVSS v2.0: 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
No detection rules found.
No writeups or analysis indexed.
References:
- http://www.securityfocus.com/bid/97938
- https://success.trendmicro.com/solution/1116821-security-bulletin-trend-micro-interscan-messaging-security-virtual-appliance-imsva-9-1-multiple-v