CVE-2009-0612

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.

🔗 References (10)

• cve@mitrehttp://secunia.com/advisories/33891
• cve@mitrehttp://www.securityfocus.com/archive/1/500760/100/0/threaded
• cve@mitrehttp://www.securityfocus.com/bid/33687
• cve@mitrehttp://www.securitytracker.com/id?1021716
• cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/48681
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33891
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/500760/100/0/threaded
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/33687
• af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021716
• af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/48681