Trend Micro InterScan Messaging Security Suite Cross-site Scripting (CVE-2012-2995)
|Check Point Reference:||CPAI-2012-787|
|Source:||Secunia Advisory SA50620|
|Protection Provided by:||
Who is Vulnerable?
Trend Micro InterScan Messaging Security Suite
A cross-site-scripting vulnerability has been reported in Trend Micro InterScan Messaging Security Suite.
The vulnerability is due to insufficient sanitization of HTTP request parameters. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted link. Successful exploitation could allow an attacker to execute script code in the browser security context of the affected application.
This protection will detect and block malicious cross-site-scripting in Trend Micro InterScan Messaging Security Suite.
To configure the defense, select your product from the list below and follow the related protection steps.
Security Gateway R75 / R71 / R70
How Can I Protect My Network?
- In the IPS tab, click Protections and find the Trend Micro InterScan Messaging Security Suite Cross-site Scripting protection using the Search tool and Edit the protection's settings.
- Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Trend Micro ServerProtect Protection Violation
Attack Information: Trend Micro InterScan Messaging Security Suite Cross-site Scripting