McAfee Cloud Single Sign On目录遍历漏洞

2014-03-18T00:00:00
ID SSV:61837
Type seebug
Reporter Root
Modified 2014-03-18T00:00:00

Description

CVE ID: CVE-2014-2536

McAfee Cloud Single Sign On是一款基于云的单点登录解决方案。

McAfee Cloud Single Sign On不正确过滤用户提交的输入,允许远程攻击者利用漏洞提交特制的目录遍历请求,读取任意文件内容。 0 McAfee Cloud Single Sign On (formerly McAfee Cloud Identity Manager) 4.x McAfee Cloud Single Sign On 4.0.1已经修复该漏洞,建议用户下载更新: http://www.mcafee.com/cn/products/cloud-single-sign-on.aspx?