Computer Security


McAfee Network Security Manager multiple security vulnerabilities
Published: 12.11.2009
Source:
SecurityVulns ID: 10400
Type: remote
Threat Level: 6/10
Description: Authentication bypass, session hijacking, cross-site scripting.
Affected: MCAFEE: McAfee Network Security Manager 5.1
CVE: CVE-2009-3566 (McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.)
 CVE-2009-3565 (Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.)
Original documents: ctu-no-reply_(at)_secureworks.com, [SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability (12.11.2009)
 ctu-no-reply_(at)_secureworks.com, [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability (12.11.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod