OfficeScan Configuration File Disclosure Network Vulnerability

Summary

Trend Micro OfficeScan Corporate Edition (Japanese version: Virus Buster Corporate Edition) web-based management console let anybody access /officescan/hotdownload without authentication. Reading the configuration file /officescan/hotdownload/ofcscan.ini will reveal information on your system. More, it contains passwords that are encrypted by a weak specific algorithm so they might be decrypted

Solution

upgrade OfficeScan

Severity

Classification

CVE CVE-2001-1151

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Apache Tomcat SecurityConstraints Security Bypass Vulnerability
Apache Archiva Cross Site Request Forgery Vulnerability
Apache Struts Directory Traversal Vulnerability

OfficeScan configuration file disclosure

Take action and discover your vulnerabilities