Computer Security
[EN] no-pyccku

McAfee Network Security Manager multiple security vulnerabilities
SecurityVulns ID:10400
Threat Level:
Description:Authentication bypass, session hijacking, crossite scripting.
Affected:MCAFEE : McAfee Network Security Manager 5.1
CVE:CVE-2009-3566 (McAfee IntruShield Network Security Manager (NSM) before does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.)
 CVE-2009-3565 (Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.)
Original documentdocumentctu-no-reply_(at), [SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability (12.11.2009)
 documentctu-no-reply_(at), [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability (12.11.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod