CVE-2015-2873

Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL.
Forced Browsing
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:N
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
trendmicrodeep_discovery_inspector
3.5
trendmicrodeep_discovery_inspector
3.5
trendmicrodeep_discovery_inspector
3.5
trendmicrodeep_discovery_inspector
3.6
trendmicrodeep_discovery_inspector
3.7
trendmicrodeep_discovery_inspector
3.7
trendmicrodeep_discovery_inspector
3.7
trendmicrodeep_discovery_inspector
3.8
trendmicrodeep_discovery_inspector
3.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://esupport.trendmicro.com/solution/en-US/1112206.aspx
http://www.kb.cert.org/vuls/id/248692
http://www.securityfocus.com/bid/76396
http://esupport.trendmicro.com/solution/en-US/1112206.aspx
http://www.kb.cert.org/vuls/id/248692
http://www.securityfocus.com/bid/76396