Trend Micro Smart Protection Server 3 webapps Execute Code Vulnerability

Summary

Trend Micro Smart Protection Server is prone to a local code-execution vulnerability.This allows a local attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Credit:

The information has been provided by Quentin Kaiser.
The original article can be found at: https://success.trendmicro.com/solution/1114913


Details

Vulnerable Systems:
 * Trend Micro Smart Protection Server 2.5
 * Trend Micro Smart Protection Server 2.6
 * Trend Micro Smart Protection Server 3

Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.

CVE Information:
CVE-2016-6268

Disclosure Timeline:
Publish Date : 2017-01-30
Last Update Date : 2017-02-09