HTTP: Trend Micro Control Manager CasLogDirectInsertHandler.cs Cross Site Request Forgery
This signature detects attempts to exploit a known vulnerability in Trend Micro Control Manager. An attacker craft a url that when followed by a user can insert arbitrary records into the database, including user accounts and administrator privileges. A remote attacker can exploit this vulnerability by enticing a user to follow crafted URI, upon successful exploitation the attacker can login to the administrator console with the created account and execute commands with the privileges of the affected service.
Short Name
HTTP:XSS:TM-REQUEST-FORGERY
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CasLogDirectInsertHandler.cs Control Cross Forgery Manager Micro Request Site Trend
Release Date
08/15/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown