Micro Focus GroupWise Admin Console Cross Site Scripting Vulnerability (CVE-2016-5760)
2016年11月24日
危険度: 中
概要
A cross-site scripting vulnerability has been reported in the administrator console of Micro Focus GroupWise. The vulnerability is due to insufficient validation of user input on GWT RPC commands sent as a result of the fragment portion of the request URI. A remote attacker can exploit this vulnerability by enticing a target user to click on a specially crafted URL. Successful exploitation would result in the execution of arbitrary script code in the context of the target user's browser.
トレンドマイクロの対策
Apply associated Trend Micro DPI Rules.
対応方法
Trend Micro Deep Security DPI Rule Number: 1000552