McAfee Web Gateway sérülékenységek

Típus: Hírek
Publikálva: 15/11/2018
A javítást már tartalmazó verziók:
- v7.8.2.4, vagy későbbi verzió (Main Release)
- v8.0.1, vagy későbbi verzió (Controlled Release)

A sérülékenységek részletei:
- CVE-2018-3180 (CVSS: 4.8 / 4.6; Severity: Medium) - is a certificate verification flaw found in the JSSE component of OpenJDK. No check was performed during the TLS session resumption to ensure that the same endpoint identification algorithm had been used when originally opening the session, as was required when resuming the session. In certain cases, this could lead to having a TLS connection established without required server identity verification.
- CVE-2018-13785 (CVSS: 2.4 / 2.3; Severity: Low) - In libpng 1.6.34, an incorrect calculation of row factor in the png_check_chunk_length function (pngrutil.c) might trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

A teljes cikk elérhető az alábbi linken:


+36 1 371 2 370

 CL Social Media Icon - Facebook 40px CL Social Media Icon - Twitter 40px CL Social Media Icon - Blog 40px  YouTube_40  McAfee_SDS_badge