Lucene search
K

McAfee Email Gateway 7.6.x < 7.6.404 Blocked Email Alert XSS (SB10153)

🗓️ 02 May 2016 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 32 Views

The version of McAfee Email Gateway 7.6.x < 7.6.404 is vulnerable to XSS due to unvalidated input in blocked email alerts

Related
Refs
Code
ReporterTitlePublishedViews
Family
BDU FSTEC
The vulnerability of the McAfee Email Gateway software allows a hacker to inject arbitrary Web or HTML code.
19 Apr 201600:00
bdu_fstec
CNVD
McAfee Email Gateway Cross-Site Scripting Vulnerability (CNVD-2016-02066)
7 Apr 201600:00
cnvd
CVE
CVE-2016-3969
6 Apr 201618:00
cve
Cvelist
CVE-2016-3969
6 Apr 201618:00
cvelist
EUVD
EUVD-2016-4978
7 Oct 202500:30
euvd
NVD
CVE-2016-3969
6 Apr 201618:59
nvd
OpenVAS
McAfee Email Gateway XSS Vulnerability (SB10153)
8 Apr 201600:00
openvas
OSV
CVE-2016-3969
6 Apr 201618:59
osv
Prion
Cross site scripting
6 Apr 201618:59
prion
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(90835);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/09/18");

  script_cve_id("CVE-2016-3969");
  script_xref(name:"MCAFEE-SB", value:"SB10153");
  script_xref(name:"IAVA", value:"2016-A-0117-S");

  script_name(english:"McAfee Email Gateway 7.6.x < 7.6.404 Blocked Email Alert XSS (SB10153)");
  script_summary(english:"Checks the MEG version.");

  script_set_attribute(attribute:"synopsis", value:
"The application installed on the remote host is affected by a
cross-site scripting vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of McAfee Email Gateway (MEG) installed on the remote host
is 7.6.x prior to 7.6.404. It is, therefore, affected by a cross-site
scripting (XSS) vulnerability that is triggered when File Filtering is
enabled with the action set to 'ESERVICES:REPLACE'. This is due to a
failure to validate input passed via alerts for blocked email
attachments; attachments are displayed 'as is' without the XML or
HTML content being properly escaped. An unauthenticated, remote
attacker can exploit this, via a crafted email attachment, to execute
arbitrary script code in a user's browser session.");
  script_set_attribute(attribute:"see_also", value:"https://kc.mcafee.com/corporate/index?page=content&id=SB10153");
  script_set_attribute(attribute:"solution", value:
"Upgrade to McAfee Email Gateway version 7.6.404 as referenced in the
vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3969");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mcafee:email_gateway");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses : XSS");

  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mcafee_email_gateway_version.nbin");
  script_require_keys("Host/McAfeeSMG/name", "Host/McAfeeSMG/version", "Host/McAfeeSMG/patches", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

app_name = get_kb_item_or_exit("Host/McAfeeSMG/name");
version = get_kb_item_or_exit("Host/McAfeeSMG/version");
patches = get_kb_item_or_exit("Host/McAfeeSMG/patches");

if (version =~ "^7\.6")
{
  hotfix = "7.6.404-3328.101";
}
else
{
audit(AUDIT_INST_VER_NOT_VULN, app_name, version);
}

if (
    hotfix >!< patches
   )
{
  port = 0;
  report = '\n' + app_name + ' ' + version + ' is missing patch ' + hotfix + '.\n';
  security_report_v4(severity:SECURITY_WARNING, extra:report, port:port, xss:TRUE);
  exit(0);
}
else audit(AUDIT_PATCH_INSTALLED, hotfix, app_name, version);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

18 Sep 2020 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 24.3
CVSS 36.1
EPSS0.01009
32