CVE-2016-6268

Published: Jan 30, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.

Affected (3)

Products: Trendmicro: Smart Protection Server

Trendmicro

1 product

Smart Protection Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Smart Protection Server	Version 2.5
Trendmicro Smart Protection Server	Version 2.6
Trendmicro Smart Protection Server	Version 3.0

Related CWEs

CWE-264

References (4)

https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://success.trendmicro.com/solution/1114913

Source: cve@mitre.org

MitigationPatchVendor Advisory

https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

https://success.trendmicro.com/solution/1114913

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchVendor Advisory

Timeline

No history available yet.