Trend Micro InterScan VirusWall HTTP requests allow non-scanned files
| viruswall-http-request (3280) |  Low Risk |
Description:
InterScan VirusWall HTTP requests could allow users behind a firewall to download non-scanned files. If two HTML GET commands are used in one request, the second GET command could point to a non-scanned file, such as an infected binary or macro file, or both. These files could be passed to the requesting user without warning or notification by the VirusWall. HTML GET commands are used by common Web browsers, including Netscape Communicator and Microsoft Internet Explorer.
Consequences:
Bypass Security
Remedy:
Apply the appropriate Trend Micro antivirus patch, as listed in BlackHats Advisory -- InterScan VirusWall. See References.
References:
- BlackHats Advisory -- InterScan VirusWall: InterScan Viruswall for Solaris.
- BugTraq Mailing List, Thu, 25 Feb 1999 12:28:46 -0800: Patch for InterScan VirusWall for Unix now available.
- CVE-1999-0378: InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands.
- OSVDB ID: 6167: Trend Micro InterScan VirusWall Double GET Scan Bypass
Platforms Affected:
- Trend Micro VirusWall Solaris
Reported:
Feb 22, 1999
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net