CVE Vulnerabilities

CVE-2015-2873

Direct Request ('Forced Browsing')

Published: Aug 23, 2015 | Modified: Sep 09, 2021
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL.

Weakness

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

Affected Software

Name Vendor Start Version End Version
Deep_discovery_inspector Trendmicro 3.5 3.5
Deep_discovery_inspector Trendmicro 3.5 3.5
Deep_discovery_inspector Trendmicro 3.5 3.5
Deep_discovery_inspector Trendmicro 3.6 3.6
Deep_discovery_inspector Trendmicro 3.7 3.7
Deep_discovery_inspector Trendmicro 3.7 3.7
Deep_discovery_inspector Trendmicro 3.7 3.7
Deep_discovery_inspector Trendmicro 3.8 3.8
Deep_discovery_inspector Trendmicro 3.8 3.8

Potential Mitigations

References