CVE-2017-11398

Description

A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.

Affected products

• Trend Micro / Trend Micro Smart Protection Server (Standalone)3.0, 3.1, 3.2 – 3.0, 3.1, 3.2

References

• EXPLOIThttps://www.exploit-db.com/exploits/43388/
• MISChttp://www.securityfocus.com/bid/102275
• MISChttps://success.trendmicro.com/solution/1118992
• VENDOR_ADVISORYhttps://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities