McAfee Web Gateway sérülékenységek

Típus: Hírek
Publikálva: 09/01/2019
A CVE-2019-3581 sérülékenységben érintett verziók: 
- McAfee Web Gateway 7.8.2.5, vagy korábbi
- McAfee Web Gateway 8.0.2, vagy korábbi
 
A CVE-2018-11784, CVE-2018-12327 és CVE-2018-7170 sérülékenységben érintett verziók: 
- McAfee Web Gateway 7.7.2.19, vagy korábbi
- McAfee Web Gateway 7.8.2.5, vagy korábbi
- McAfee Web Gateway 8.0.2, vagy korábbi

A sérülékenységek részletei:
- CVE-2019-3581 (CVSS: 7.5; Severity: High) - An unauthenticated user can cause a denial of service attack against the proxy component of McAfee Web Gateway.
- CVE-2018-11784 (CVSS: 4.3; Severity: Medium) - When the default servlet in Apache Tomcat returned a redirect to a directory (for example, redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.
- CVE-2018-12327 (CVSS: 7.0; Severity: High) - The ntpq and ntpdc command-line utilities that are part of the ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application.
- CVE-2018-7170 (CVSS: 3.1; Severity: Medium) - A flaw was found in ntpd making it vulnerable to Sybil attacks. An authenticated attacker could target systems configured to use a trusted key in certain configurations and to create an arbitrary number of associations and subsequently modify a victim's clock.


A teljes cikk elérhető az alábbi linken:
https://kc.mcafee.com/corporate/index?page=content&id=PD28155
https://kc.mcafee.com/corporate/index?page=content&id=PD28156
https://kc.mcafee.com/corporate/index?page=content&id=PD28013

Kapcsolat

+36 1 371 2 370
mcafee.ecs.hu@arrow.com

 CL Social Media Icon - Facebook 40px CL Social Media Icon - Twitter 40px CL Social Media Icon - Blog 40px  YouTube_40  McAfee_SDS_badge