Vulnerability Description
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Interscan Web Security Suite | 2.5 |
| Trendmicro | Interscan Web Security Virtual Appliance | 3.1 |
References
- http://secunia.com/advisories/33891 (Vendor Advisory)
- http://www.securityfocus.com/archive/1/500760/100/0/threaded
- http://www.securityfocus.com/bid/33687
- http://www.securitytracker.com/id?1021716
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48681
FAQ
What is CVE-2009-0612?
CVE-2009-0612 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorizat...
How severe is CVE-2009-0612?
CVE-2009-0612 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-0612?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Interscan Web Security Suite, Trendmicro Interscan Web Security Virtual Appliance.