Test Kennung:	1.3.6.1.4.1.25623.1.0.11074
Kategorie:	Web application abuses
Titel:	OfficeScan configuration file disclosure
Zusammenfassung:	Trend Micro OfficeScan Corporate Edition (Japanese version: Virus; Buster Corporate Edition) web-based management console let anybody; access /officescan/hotdownload without authentication.
Beschreibung:	Summary: Trend Micro OfficeScan Corporate Edition (Japanese version: Virus Buster Corporate Edition) web-based management console let anybody access /officescan/hotdownload without authentication. Vulnerability Impact: Reading the configuration file /officescan/hotdownload/ofcscan.ini will reveal information on your system. More, it contains passwords that are encrypted by a weak specific algorithm, so they might be decrypted. Solution: Upgrade OfficeScan. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	BugTraq ID: 3438 Common Vulnerability Exposure (CVE) ID: CVE-2001-1151 Bugtraq: 20011015 [SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition) (Google Search) http://www.securityfocus.com/archive/1/220666 http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318 XForce ISS Database: officescan-config-file-access(7286) https://exchange.xforce.ibmcloud.com/vulnerabilities/7286
Copyright	Copyright (C) 2002 Michel Arboi

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.