Vendor: InterScan Web Security Virtual Appliance
By: Ivan Huertas
CVSS: 7,5 (HIGH)
CWE: 22 (Path Traversal)
Product Name: InterScan Web Security Virtual Appliance
Affected Version From: 5.0
Affected Version To: 5.0
Patch Exists: Yes
Related CWE: N/A
CPE: a:trend_micro:interscan_web_security_virtual_appliance:5.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Red Hat Nash 5.1
2010

Arbitrary File Download in InterScan Web Security Virtual Appliance 5.0

The vulnerability is caused by an improper check in the “com.trend.iwss.gui.servlet.exportreport” servlet, which allows arbitrary files to be downloaded. By modifying the “exportname” parameter with a path traversal sequence, an attacker can change the original path to the file. The “com.trend.iwss.gui.servlet.ConfigBackup” servlet is affected by the same vulnerability through its “pkg_name” parameter.
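
For defenders reviewing web or proxy logs of an affected appliance, the following added example (not part of the advisory and not vendor code) flags requests whose “exportname” or “pkg_name” value still contains a traversal after repeated percent-decoding. The access-log format, the `/SERVLET-PATH` placeholder and the sample lines are constructed assumptions; only the two parameter names come from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameter names come from the advisory; everything else here is assumed.
WATCHED_PARAMS = {"exportname", "pkg_name"}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so a double-encoded %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the value can leave its directory: a '..' segment or an absolute path."""
    path = fully_decode(value).replace("\\", "/")
    if path.startswith("/") or re.match(r"^[A-Za-z]:", path):
        return True
    return ".." in path.split("/")

def suspicious_requests(log_lines):
    """Return (line_number, parameter, decoded_value) for each flagged request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name in WATCHED_PARAMS and is_traversal(value):
                hits.append((number, name, fully_decode(value)))
    return hits

# Constructed sample lines; /SERVLET-PATH is a placeholder, not the real URL.
SAMPLE_LOG = [
    '10.0.0.5 - - [22/Jun/2010:10:00:01 +0000] "GET /SERVLET-PATH?exportname=report_2010-06.csv HTTP/1.1" 200 5120',
    '10.0.0.9 - - [22/Jun/2010:10:00:07 +0000] "GET /SERVLET-PATH?exportname=..%2F..%2Fexample.txt HTTP/1.1" 200 1843',
    '10.0.0.9 - - [22/Jun/2010:10:00:09 +0000] "GET /SERVLET-PATH?pkg_name=%252e%252e%252fexample.txt HTTP/1.1" 200 901',
    '10.0.0.7 - - [22/Jun/2010:10:00:12 +0000] "GET /SERVLET-PATH?name=..%2Fignored HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in a request-line log, so this check only covers values passed in the query string.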

Mitigation:

Upgrade to the latest version of InterScan Web Security Virtual Appliance 5.0

Exploit-DB raw data:

# Exploit Title: Arbitrary File Download in InterScan Web Security Virtual Appliance 5.0
# Date: 22-06-2010
# Author: Ivan Huertas
# Software Link: http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=249&regs=NABU?_loc=1
# Version: 5.0
# Tested on: Red Hat Nash 5.1

Vulnerability Description:
The vulnerability is caused due to an improper check in “com.trend.iwss.gui.servlet.exportreport”
servlet, allowing the download of arbitrary files. Using a path traversal technique, an attacker can
change the original path to the file, modifying the parameter “exportname”.
Servlet “com.trend.iwss.gui.servlet.ConfigBackup” is also affected by this vulnerability in the
parameter “pkg_name”


Download:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14001.pdf (cybsec_advisory_2010_0606_InterScan_Web_Security_5_0_Arbitrary_File_Download.pdf)