Family: CGI abuses --> Category: infos
Trend Micro ServerProtect for Linux splx_2376_info Cookie Authentication Bypass Vulnerability Scan
Vulnerability Scan Summary
Tries to bypass authentication with SPLX
Detailed Explanation for this Vulnerability Test
The remote web server suffers from an authentication bypass
The remote host is running ServerProtect for Linux, an anti-virus
application for Linux-based servers from Trend Micro.
The version of ServerProtect for Linux installed on the remote host
fails to check the validity of the session id in the 'splx_2376_info'
cookie before granting access to its administrative pages. A remote
attacker can exploit this flaw to bypass authentication and gain full
control of the affected web application.
See also :
Apply the appropriate patch referenced in the vendor advisory above.
High / CVSS Base Score : 7.0