Vulnerability Details CVE-2008-4403
The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the "error handling mechanism."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.039
EPSS Ranking 87.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/32097
- http://www.securityfocus.com/bid/31531
- http://www.securitytracker.com/id?1020974
- http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt
- http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt
- http://www.vupen.com/english/advisories/2008/2712
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45599
- http://secunia.com/advisories/32097
- http://www.securityfocus.com/bid/31531
- http://www.securitytracker.com/id?1020974
- http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt
- http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt
- http://www.vupen.com/english/advisories/2008/2712
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45599
Products affected by CVE-2008-4403
-
cpe:2.3:a:trend_micro:officescan:8.0