Sign-up

ID

VAR-201805-0902


CVE

CVE-2018-6237


TITLE

Trend Micro Smart Protection Server Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2018-005258

DESCRIPTION

A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation. Trend Micro Smart Protection Server (Standalone) Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. A security vulnerability exists in Trend MicroSmartProtectionServer (Standalone) 3.x. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database or to cause a denial-of-service condition

Trust: 2.43

sources: NVD: CVE-2018-6237 // JVNDB: JVNDB-2018-005258 // CNVD: CNVD-2018-15393 // BID: 104295

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-15393

AFFECTED PRODUCTS

vendor:trendmicromodel:smart protection serverscope:eqversion:3.1

Trust: 1.6

vendor:trendmicromodel:smart protection serverscope:eqversion:3.0

Trust: 1.6

vendor:trendmicromodel:smart protection serverscope:eqversion:3.3

Trust: 1.6

vendor:trendmicromodel:smart protection serverscope:eqversion:3.2

Trust: 1.6

vendor:trend micromodel:smart protection serverscope:eqversion:3.x

Trust: 0.8

vendor:trend micromodel:smart protection serverscope:eqversion:3.*

Trust: 0.6

vendor:trend micromodel:smart protection serverscope:eqversion:3.3

Trust: 0.3

vendor:trend micromodel:smart protection serverscope:eqversion:3.2

Trust: 0.3

vendor:trend micromodel:smart protection serverscope:eqversion:3.1

Trust: 0.3

vendor:trend micromodel:smart protection serverscope:eqversion:3.0

Trust: 0.3

vendor:trend micromodel:smart protection server cp b1090scope:neversion:3.3

Trust: 0.3

vendor:trend micromodel:smart protection server cp b1092scope:neversion:3.2

Trust: 0.3

vendor:trend micromodel:smart protection server buildscope:neversion:3.11068

Trust: 0.3

vendor:trend micromodel:smart protection server buildscope:neversion:3.01358

Trust: 0.3

sources: CNVD: CNVD-2018-15393 // BID: 104295 // JVNDB: JVNDB-2018-005258 // CNNVD: CNNVD-201805-874 // NVD: CVE-2018-6237

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-6237
value: HIGH

Trust: 1.0

NVD: CVE-2018-6237
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-15393
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201805-874
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-6237
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-15393
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-6237
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-15393 // JVNDB: JVNDB-2018-005258 // CNNVD: CNNVD-201805-874 // NVD: CVE-2018-6237

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.8

sources: JVNDB: JVNDB-2018-005258 // NVD: CVE-2018-6237

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-874

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201805-874

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005258

PATCH
title:1119715url:https://success.trendmicro.com/solution/1119715
Trust: 0.8
title:TrendMicroSmartProtectionServer Remote Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/137487
Trust: 0.6
title:Trend Micro Smart Protection Server Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83717
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-15393 // 
            
            
            
            JVNDB: JVNDB-2018-005258 // 
            
            
            
            CNNVD: CNNVD-201805-874

EXTERNAL IDS
db:NVDid:CVE-2018-6237
Trust: 3.3
db:TENABLEid:TRA-2018-10
Trust: 1.9
db:JVNDBid:JVNDB-2018-005258
Trust: 0.8
db:CNVDid:CNVD-2018-15393
Trust: 0.6
db:NSFOCUSid:39897
Trust: 0.6
db:CNNVDid:CNNVD-201805-874
Trust: 0.6
db:ZDIid:ZDI-18-421
Trust: 0.3
db:BIDid:104295
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-15393 // 
            
            
            
            BID: 104295 // 
            
            
            
            JVNDB: JVNDB-2018-005258 // 
            
            
            
            CNNVD: CNNVD-201805-874 // 
            
            
            
            NVD: CVE-2018-6237

REFERENCES
url:https://www.tenable.com/security/research/tra-2018-10
Trust: 1.9
url:https://success.trendmicro.com/solution/1119715
Trust: 1.9
url:https://nvd.nist.gov/vuln/detail/cve-2018-6237
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6237
Trust: 0.8
url:http://www.nsfocus.net/vulndb/39897
Trust: 0.6
url:http://www.trend.com
Trust: 0.3
url:https://www.zerodayinitiative.com/advisories/zdi-18-421/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-15393 // 
            
            
            
            BID: 104295 // 
            
            
            
            JVNDB: JVNDB-2018-005258 // 
            
            
            
            CNNVD: CNNVD-201805-874 // 
            
            
            
            NVD: CVE-2018-6237

CREDITS
Fabius Artrel working with Trend Micro's Zero Day Initiative and Tenable, Inc.
Trust: 0.3
sources:
            
            
            BID: 104295

SOURCES
db:CNVDid:CNVD-2018-15393
db:BIDid:104295
db:JVNDBid:JVNDB-2018-005258
db:CNNVDid:CNNVD-201805-874
db:NVDid:CVE-2018-6237

LAST UPDATE DATE
2024-11-23T21:38:58.373000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-15393date:2018-08-16T00:00:00
db:BIDid:104295date:2018-05-02T00:00:00
db:JVNDBid:JVNDB-2018-005258date:2018-07-11T00:00:00
db:CNNVDid:CNNVD-201805-874date:2018-07-19T00:00:00
db:NVDid:CVE-2018-6237date:2024-11-21T04:10:21.553

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-15393date:2018-08-15T00:00:00
db:BIDid:104295date:2018-05-02T00:00:00
db:JVNDBid:JVNDB-2018-005258date:2018-07-11T00:00:00
db:CNNVDid:CNNVD-201805-874date:2018-05-25T00:00:00
db:NVDid:CVE-2018-6237date:2018-05-25T15:29:00.587