CVE-2016-6269

Published: Jan 30, 2017Modified: May 13, 2026

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.

Affected (3)

Products: Trendmicro: Smart Protection Server

1 product

Smart Protection Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Smart Protection Server	Version 2.5
Trendmicro Smart Protection Server	Version 2.6
Trendmicro Smart Protection Server	Version 3.0

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://success.trendmicro.com/solution/1114913

Source: cve@mitre.org

MitigationPatchVendor Advisory

https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

https://success.trendmicro.com/solution/1114913

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchVendor Advisory

Timeline

No history available yet.