module
TrendMicro Data Loss Prevention 5.5 Directory Traversal
| Disclosed | Created |
|---|---|
| Jan 9, 2009 | May 30, 2018 |
Disclosed
Jan 9, 2009
Created
May 30, 2018
Description
This module tests whether a directory traversal vulnerability is present
in Trend Micro DLP (Data Loss Prevention) Appliance v5.5 build
The vulnerability appears to be actually caused by the Tomcat UTF-8
bug which is implemented in module tomcat_utf8_traversal CVE 2008-2938.
This module simply tests for the same bug with Trend Micro specific settings.
Note that in the Trend Micro appliance, /etc/shadow is not used and therefore
password hashes are stored and anonymously accessible in the passwd file.
in Trend Micro DLP (Data Loss Prevention) Appliance v5.5 build
The vulnerability appears to be actually caused by the Tomcat UTF-8
bug which is implemented in module tomcat_utf8_traversal CVE 2008-2938.
This module simply tests for the same bug with Trend Micro specific settings.
Note that in the Trend Micro appliance, /etc/shadow is not used and therefore
password hashes are stored and anonymously accessible in the passwd file.
Author
aushack patrick@osisecurity.com.au
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.