McAfee ePolicy Orchestrator Arbitrary File Read

2003-07-31T00:00:00
ID OSVDB:5635
Type osvdb
Reporter BMC Software, Inc
Modified 2003-07-31T00:00:00

Description

Vulnerability Description

McAfee ePolicy Orchestrator contains a flaw that allows a remote attacker to traverse directories on the Web server. The issue is due to McAfee ePolicy Orchestrator not properly sanitizing user input. By sending a specially crafted HTTP GET request, a remote attacker may traverse directories and view arbitrary files on the system.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, McAfee has released a patch to address this vulnerability.

References:

Vendor Specific Solution URL: http://www.nai.com/us/downloads/updates/hotfixes.asp
Vendor Specific Advisory URL
Related OSVDB ID: 5636
Related OSVDB ID: 5637
Related OSVDB ID: 2351
ISS X-Force ID: 12790
CVE-2003-0610
Bugtraq ID: 8317