Lucene search

MitreCVE-2006-0642

HistoryFeb 10, 2006 - 11:02 a.m.

CVE-2006-0642

2006-02-1011:02:00

mitre

web.nvd.nist.gov

cve-2006-0642

trend micro

serverprotect

anti-virus

bypass

configuration setting

compressed files

remote attackers

nvd

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.009

Percentile

83.0%

JSON

Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of “Do not scan compressed files when Extracted file count exceeds 500 files,” which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. NOTE: since this is related to a configuration setting that has an operational impact that might vary depending on the environment, and the product is claimed to report a message when the compressed file exceeds specified limits, perhaps this should not be included in CVE.

Affected configurations

Nvd

Node

trend_microinterscan_messaging_security_suite

trend_microinterscan_web_security_suite

trend_microserverprotectMatch5.58emc

VendorProductVersionCPE
trend_microinterscan_messaging_security_suite*cpe:2.3:a:trend_micro:interscan_messaging_security_suite:*:*:*:*:*:*:*:*
trend_microinterscan_web_security_suite*cpe:2.3:a:trend_micro:interscan_web_security_suite:*:*:*:*:*:*:*:*
trend_microserverprotect5.58cpe:2.3:a:trend_micro:serverprotect:5.58:*:emc:*:*:*:*:*

Vendor	Product	Version	CPE
trend_micro	interscan_messaging_security_suite	*	cpe:2.3:a:trend_micro:interscan_messaging_security_suite::::::::
trend_micro	interscan_web_security_suite	*	cpe:2.3:a:trend_micro:interscan_web_security_suite::::::::
trend_micro	serverprotect	5.58	cpe:2.3:a:trend_micro:serverprotect:5.58::emc:::::

References

www.packetstormsecurity.org/0602-advisories/Bypass.pdf

www.packetstormsecurity.org/filedesc/Bypass.pdf.html

www.securityfocus.com/archive/1/423896/100/0/threaded

www.securityfocus.com/archive/1/423913/100/0/threaded

www.securityfocus.com/archive/1/423914/100/0/threaded

www.securityfocus.com/archive/1/424172/100/0/threaded

www.securityfocus.com/archive/1/424598/100/0/threaded

www.securityfocus.com/bid/16483

exchange.xforce.ibmcloud.com/vulnerabilities/24658

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.009

Percentile

83.0%

JSON

Related for CVE-2006-0642