Synopsis
The remote web server hosts an application that is prone to a directory traversal attack.
Description
The instance of Trend Micro Data Loss Prevention Web Console listening on this port allows an unauthenticated, remote attacker to retrieve arbitrary files through its web server using specially crafted requests with encoded directory traversal sequences.
This can result in the disclosure of sensitive information, such as the appliance's /etc/passwd file and other sensitive files.
Solution
At the time of this writing, there is no vendor solution.
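With no vendor fix to apply, requests of the kind described above can still be looked for in web server or proxy logs. The following is an added example, not part of the plugin or any vendor tooling: it percent-decodes each request target repeatedly and flags any that resolve to a ".." path component. The log format (combined log format), the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines in combined log format; not captured from a real appliance.
SAMPLE_LOG = """\
198.51.100.7 - - [11/Jun/2011:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.9 - - [11/Jun/2011:10:00:05 +0000] "GET /files/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1843
198.51.100.9 - - [11/Jun/2011:10:00:09 +0000] "GET /files/%252e%252e%252fconf HTTP/1.1" 404 0
198.51.100.3 - - [11/Jun/2011:10:00:12 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 90
198.51.100.9 - - [11/Jun/2011:10:00:15 +0000] "GET /a/..%5c..%5cboot.ini HTTP/1.1" 403 0
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
MAX_ROUNDS = 5  # upper bound on repeated decoding


def decode_fully(target):
    """Percent-decode until stable so double encoding (%252e) is exposed."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(target, encoding="latin-1")
        if decoded == target:
            break
        target, rounds = decoded, rounds + 1
    # Treat backslashes as path separators, as some servers do.
    return target.replace("\\", "/"), rounds


def has_traversal(decoded):
    """True if any path or query component is exactly '..'."""
    return ".." in re.split(r"[/?&=]", decoded)


def scan(log_text):
    """Return (client, raw_target, status, decode_rounds) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        decoded, rounds = decode_fully(target)
        if has_traversal(decoded):
            hits.append((client, target, int(status), rounds))
    return hits


if __name__ == "__main__":
    for client, target, status, rounds in scan(SAMPLE_LOG):
        # A 2xx status on a flagged request means content was returned; triage it first.
        print(f"{client} status={status} decode_rounds={rounds} {target}")
```

Overlong UTF-8 encodings of "." and "/" are not handled by this sketch and would need their own normalization step.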
Plugin Details
File Name: trendmicro_dlpva_dir_traversal.nasl
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: www/trendmicro_dlpva_web_console
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: Exploits are available
Exploited by Nessus: true
Vulnerability Publication Date: 6/11/2011
Reference Information
BID: 48225