VAR-201805-0902
Vulnerability from variot - Updated: 2023-12-18 12:28A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation. Trend Micro Smart Protection Server (Standalone) Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. A security vulnerability exists in Trend MicroSmartProtectionServer (Standalone) 3.x. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database or to cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0902",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart protection server",
"scope": "eq",
"trust": 1.6,
"vendor": "trendmicro",
"version": "3.3"
},
{
"model": "smart protection server",
"scope": "eq",
"trust": 1.6,
"vendor": "trendmicro",
"version": "3.1"
},
{
"model": "smart protection server",
"scope": "eq",
"trust": 1.6,
"vendor": "trendmicro",
"version": "3.2"
},
{
"model": "smart protection server",
"scope": "eq",
"trust": 1.6,
"vendor": "trendmicro",
"version": "3.0"
},
{
"model": "smart protection server",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "3.x"
},
{
"model": "smart protection server",
"scope": "eq",
"trust": 0.6,
"vendor": "trend micro",
"version": "3.*"
},
{
"model": "smart protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "3.3"
},
{
"model": "smart protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "3.2"
},
{
"model": "smart protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "3.1"
},
{
"model": "smart protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "3.0"
},
{
"model": "smart protection server cp b1090",
"scope": "ne",
"trust": 0.3,
"vendor": "trend micro",
"version": "3.3"
},
{
"model": "smart protection server cp b1092",
"scope": "ne",
"trust": 0.3,
"vendor": "trend micro",
"version": "3.2"
},
{
"model": "smart protection server build",
"scope": "ne",
"trust": 0.3,
"vendor": "trend micro",
"version": "3.11068"
},
{
"model": "smart protection server build",
"scope": "ne",
"trust": 0.3,
"vendor": "trend micro",
"version": "3.01358"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15393"
},
{
"db": "BID",
"id": "104295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005258"
},
{
"db": "NVD",
"id": "CVE-2018-6237"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-874"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:smart_protection_server:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:smart_protection_server:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:smart_protection_server:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6237"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fabius Artrel working with Trend Micro\u0027s Zero Day Initiative and Tenable, Inc.",
"sources": [
{
"db": "BID",
"id": "104295"
}
],
"trust": 0.3
},
"cve": "CVE-2018-6237",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6237",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-15393",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6237",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6237",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-15393",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-874",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15393"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005258"
},
{
"db": "NVD",
"id": "CVE-2018-6237"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-874"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation. Trend Micro Smart Protection Server (Standalone) Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. A security vulnerability exists in Trend MicroSmartProtectionServer (Standalone) 3.x. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database or to cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6237"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005258"
},
{
"db": "CNVD",
"id": "CNVD-2018-15393"
},
{
"db": "BID",
"id": "104295"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6237",
"trust": 3.3
},
{
"db": "TENABLE",
"id": "TRA-2018-10",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005258",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-15393",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "39897",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201805-874",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-18-421",
"trust": 0.3
},
{
"db": "BID",
"id": "104295",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15393"
},
{
"db": "BID",
"id": "104295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005258"
},
{
"db": "NVD",
"id": "CVE-2018-6237"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-874"
}
]
},
"id": "VAR-201805-0902",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15393"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15393"
}
]
},
"last_update_date": "2023-12-18T12:28:56.902000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "1119715",
"trust": 0.8,
"url": "https://success.trendmicro.com/solution/1119715"
},
{
"title": "TrendMicroSmartProtectionServer Remote Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/137487"
},
{
"title": "Trend Micro Smart Protection Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83717"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15393"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005258"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-874"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005258"
},
{
"db": "NVD",
"id": "CVE-2018-6237"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.tenable.com/security/research/tra-2018-10"
},
{
"trust": 1.9,
"url": "https://success.trendmicro.com/solution/1119715"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6237"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6237"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/39897"
},
{
"trust": 0.3,
"url": "http://www.trend.com"
},
{
"trust": 0.3,
"url": "https://www.zerodayinitiative.com/advisories/zdi-18-421/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15393"
},
{
"db": "BID",
"id": "104295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005258"
},
{
"db": "NVD",
"id": "CVE-2018-6237"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-874"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-15393"
},
{
"db": "BID",
"id": "104295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005258"
},
{
"db": "NVD",
"id": "CVE-2018-6237"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-874"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15393"
},
{
"date": "2018-05-02T00:00:00",
"db": "BID",
"id": "104295"
},
{
"date": "2018-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005258"
},
{
"date": "2018-05-25T15:29:00.587000",
"db": "NVD",
"id": "CVE-2018-6237"
},
{
"date": "2018-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-874"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15393"
},
{
"date": "2018-05-02T00:00:00",
"db": "BID",
"id": "104295"
},
{
"date": "2018-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005258"
},
{
"date": "2018-06-25T13:53:17.317000",
"db": "NVD",
"id": "CVE-2018-6237"
},
{
"date": "2018-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-874"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-874"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trend Micro Smart Protection Server Vulnerable to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005258"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-874"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…