CVE-2018-6237

{"id": "CVE-2018-6237", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-05-25T15:29:00.587", "references": [{"url": "https://success.trendmicro.com/solution/1119715", "tags": ["Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://www.tenable.com/security/research/tra-2018-10", "tags": ["Exploit", "Third Party Advisory"], "source": "security@trendmicro.com"}, {"url": "https://success.trendmicro.com/solution/1119715", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.tenable.com/security/research/tra-2018-10", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation."}, {"lang": "es", "value": "Una vulnerabilidad en Trend Micro Smart Protection Server (Standalone) 3.x podr\u00eda permitir que un atacante remoto no autenticado manipule el producto para enviar un gran n\u00famero de peticiones HTTP especialmente manipuladas para provocar que el sistema de archivos se llene, provocando finalmente una denegaci\u00f3n de servicio (DoS)."}], "lastModified": "2024-11-21T04:10:21.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E74019C0-01AD-4C0F-9ADE-099D6D7C8013"}, {"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB62FC55-4EA1-485E-9381-C14BA2F1E074"}, {"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4157366A-854E-4993-B08B-FAF7EA4D9ED2"}, {"criteria": "cpe:2.3:a:trendmicro:smart_protection_server:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD4082E4-88CC-4B48-AA49-B5EC28950D36"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@trendmicro.com"}