What is the severity of CVE-2009-0612?

CVE-2009-0612 has a moderate severity rating due to its potential to expose user credentials.

How do I fix CVE-2009-0612?

To fix CVE-2009-0612, disable basic authorization on the standalone proxy or upgrade to a patched version of the software.

What products are impacted by CVE-2009-0612?

CVE-2009-0612 affects Trend Micro InterScan Web Security Suite versions 2.5 and 3.1, as well as the InterScan Web Security Virtual Appliance version 3.1.

Can CVE-2009-0612 be exploited remotely?

Yes, CVE-2009-0612 can be exploited remotely by attackers who can manipulate the web server to obtain credentials.

Is there a workaround for CVE-2009-0612?

Yes, a workaround for CVE-2009-0612 involves configuring your proxy settings to prevent the forwarding of the Proxy-Authorization header.

Vulnerability/
CVE-2009-0612

medium

4.3

CWE

200

17/2/2009

30/10/2018

CVE-2009-0612: Infoleak

First published: Tue Feb 17 2009(Updated: )

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Trend Micro InterScan Web Security Suite	=2.5
Trend Micro InterScan Web Security Suite	=3.1
Trend Micro InterScan Web Security Virtual Appliance	=3.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-0612?
CVE-2009-0612 has a moderate severity rating due to its potential to expose user credentials.
How do I fix CVE-2009-0612?
To fix CVE-2009-0612, disable basic authorization on the standalone proxy or upgrade to a patched version of the software.
What products are impacted by CVE-2009-0612?
CVE-2009-0612 affects Trend Micro InterScan Web Security Suite versions 2.5 and 3.1, as well as the InterScan Web Security Virtual Appliance version 3.1.
Can CVE-2009-0612 be exploited remotely?
Yes, CVE-2009-0612 can be exploited remotely by attackers who can manipulate the web server to obtain credentials.
Is there a workaround for CVE-2009-0612?
Yes, a workaround for CVE-2009-0612 involves configuring your proxy settings to prevent the forwarding of the Proxy-Authorization header.

agent/type
agent/first-publish-date
agent/last-modified-date
agent/weakness
agent/references
agent/severity
agent/author
agent/softwarecombine
agent/tags
agent/description
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
agent/event
vendor/trendmicro
canonical/trend micro interscan web security suite
version/trend micro interscan web security suite/2.5
version/trend micro interscan web security suite/3.1
canonical/trend micro interscan web security virtual appliance
version/trend micro interscan web security virtual appliance/3.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.