Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:XSS:TM-REQUEST-FORGERY

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Trend Micro Control Manager CasLogDirectInsertHandler.cs Cross Site Request Forgery

Release Date

 2011/08/15

Update Number

 1973

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Trend Micro Control Manager CasLogDirectInsertHandler.cs Cross Site Request Forgery


This signature detects attempts to exploit a known vulnerability in Trend Micro Control Manager. An attacker craft a url that when followed by a user can insert arbitrary records into the database, including user accounts and administrator privileges. A remote attacker can exploit this vulnerability by enticing a user to follow crafted URI, upon successful exploitation the attacker can login to the administrator console with the created account and execute commands with the privileges of the affected service.

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out