Vulnerabilites related to trend_micro - deep_discovery_inspector
Vulnerability from fkie_nvd
Published
2016-06-30 16:59
Modified
2024-11-21 02:55
Severity ?
Summary
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | deep_discovery_inspector | 3.7 | |
| trend_micro | deep_discovery_inspector | 3.81 | |
| trend_micro | deep_discovery_inspector | 3.82 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "33F53CCB-420B-4E6E-AB8B-F23626791BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:deep_discovery_inspector:3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "89EACE78-F8FD-49D9-8D4D-BB5A6DEDC0D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:deep_discovery_inspector:3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "9C4B030B-3019-49A5-8DF9-88C94336F93F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header."
},
{
"lang": "es",
"value": "hotfix_upload.cgi en Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81) y 3.8 SP2 (3.82) permite a administradores remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de metacaracteres de shell en el par\u00e1metro filename de la cabecera Content-Disposition."
}
],
"id": "CVE-2016-5840",
"lastModified": "2024-11-21T02:55:06.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-30T16:59:11.120",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx"
},
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/en/jp/JVN55428526/index.html"
},
{
"source": "cve@mitre.org",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-373"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.exploit-db.com/exploits/40180/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN55428526/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.exploit-db.com/exploits/40180/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2016-5840
Vulnerability from cvelistv5
Published
2016-06-30 16:00
Modified
2024-08-06 01:15
Severity ?
EPSS score ?
Summary
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-16-373 | x_refsource_MISC | |
| http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html | third-party-advisory, x_refsource_JVNDB | |
| http://jvn.jp/en/jp/JVN55428526/index.html | third-party-advisory, x_refsource_JVN | |
| https://www.exploit-db.com/exploits/40180/ | exploit, x_refsource_EXPLOIT-DB | |
| http://esupport.trendmicro.com/solution/en-US/1114281.aspx | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:09.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-373"
},
{
"name": "JVNDB-2016-000103",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html"
},
{
"name": "JVN#55428526",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN55428526/index.html"
},
{
"name": "40180",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40180/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-373"
},
{
"name": "JVNDB-2016-000103",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html"
},
{
"name": "JVN#55428526",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN55428526/index.html"
},
{
"name": "40180",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40180/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-373",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-373"
},
{
"name": "JVNDB-2016-000103",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html"
},
{
"name": "JVN#55428526",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN55428526/index.html"
},
{
"name": "40180",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40180/"
},
{
"name": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx",
"refsource": "CONFIRM",
"url": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5840",
"datePublished": "2016-06-30T16:00:00",
"dateReserved": "2016-06-23T00:00:00",
"dateUpdated": "2024-08-06T01:15:09.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}