- Description
- The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:serverprotect:1.25_2007-02-16:*:linux:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E8704FA-AA3C-4664-A5AA-50F60AE77642"
},
{
"criteria": "cpe:2.3:a:trend_micro:serverprotect:1.25_2007-02-16:1.3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB3418C3-1AE8-4011-9B6C-6A3D6F891AED"
}
],
"operator": "OR"
}
]
}
]