HTTP: Trend Micro Smart Protection Server Command Injection
This signature detects attempts to exploit a known vulnerability in Trend Micro Smart Protection Server. Successful exploitation could lead to arbitrary code execution.
Extended Description
ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action.
Affected Products
Trendmicro smart_protection_server
Short Name
HTTP:MISC:SMRT-PROTECTION-CE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2016-6266 Command Injection Micro Protection Server Smart Trend
Release Date
11/29/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3646
False Positive
Unknown
Vendors
Trendmicro
CVSS Score
6.5