Summary
Trend Micro OfficeScan Corporate Edition (Japanese version: Virus Buster Corporate Edition) web-based management console let anybody access /officescan/hotdownload without authentication.
Reading the configuration file /officescan/hotdownload/ofcscan.ini will reveal information on your system. More, it contains passwords that are encrypted by a weak specific algorithm
so they might be
decrypted
Solution
upgrade OfficeScan
Severity
Classification
-
CVE CVE-2001-1151 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
- An Image Gallery Multiple Cross-Site Scripting Vulnerability
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
- Apache Open For Business HTML injection vulnerability
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities