Description
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48681
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33891
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33687
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1021716
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/500760/100/0/threaded
Scores
EPSS
0.0068
EPSS Percentile
71.8%
Details
CWE
CWE-200
Status
published
Products (3)
trendmicro/interscan_web_security_suite
2.5
trendmicro/interscan_web_security_suite
3.1
trendmicro/interscan_web_security_virtual_appliance
3.1
Published
Feb 17, 2009
Tracked Since
Feb 18, 2026