CVE-2017-7896

MEDIUM

Trend Micro InterScan Messaging Security Virtual Appliance < 9.1 - Cross-Site Scripting

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7896. PoCs published by mr_me <[email protected]>, Mehmet Ince <[email protected]>, including Metasploit module exploits/linux/http/trendmicro_imsva_widget_exec.

AI-analyzed exploit summary This Metasploit module exploits an authentication bypass (CVE-2017-11391) and command injection (CVE-2017-7896) in Trend Micro IMSVA. It extracts a JSESSIONID from a publicly accessible log file, bypasses authentication, and executes arbitrary commands via the 'proxy_controller.php' endpoint.

Description

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.

Exploits (1)

metasploit WORKING POC EXCELLENT
by mr_me <[email protected]>, Mehmet Ince <[email protected]> · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trendmicro_imsva_widget_exec.rb

This Metasploit module exploits an authentication bypass (CVE-2017-11391) and command injection (CVE-2017-7896) in Trend Micro IMSVA. It extracts a JSESSIONID from a publicly accessible log file, bypasses authentication, and executes arbitrary commands via the 'proxy_controller.php' endpoint.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Trend Micro InterScan Messaging Security (Virtual Appliance)
No auth needed
Prerequisites: Access to the management interface (port 8445) · Publicly accessible diagnostic.log file
devstral-2 · analyzed Apr 23, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 6.1
EPSS 0.5331
EPSS Percentile 98.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
trendmicro/interscan_messaging_security_virtual_appliance < 9.1
Published Apr 18, 2017
Tracked Since Feb 18, 2026