Contact us

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries

Services

Services

Take me to HPE.com

HTTP: Trend Micro IWSVA ReportHandler DoCmd Command Injection

A command injection vulnerability has been reported in Trend Micro InterScan Web Security Virtual Appliance (IWSVA). Successful exploitation of this vulnerability can lead to remote command execution in the context of the iscan (non-root) user.

References

URL: http://securitytracker.com/id?1038161 http://www.zerodayinitiative.com/advisories/zdi-17-206/ https://success.trendmicro.com/solution/1116960

Short Name

HTTP:TRENDMICRO-IWSVA-DOCMD-CI

Severity

Major

Recommended

True

Recommended Action

Drop

Category

HTTP

Keywords

Command DoCmd IWSVA Injection Micro ReportHandler Trend

Release Date

06/01/2017

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version

3324

False Positive

Unknown