CVE-2009-0612

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.

Published: Feb 17, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-0612
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
trendmicro / interscan_web_security_suite	2.5	2.5.x
trendmicro / interscan_web_security_suite	3.1	3.1.x
trendmicro / interscan_web_security_virtual_appliance	3.1	3.1.x

http://secunia.com/advisories/33891
http://www.securityfocus.com/archive/1/500760/100/0/threaded
http://www.securityfocus.com/bid/33687
http://www.securitytracker.com/id?1021716
https://exchange.xforce.ibmcloud.com/vulnerabilities/48681

Vulnerability Database

289,784

CVE-2009-0612