<!– McAfee Email and Web Security Appliance multiple security vulnerabilities –>
McAfee Email and Web Security Appliance multiple security vulnerabilities
news /
advisories /
forum /
software /
advertising /
search /
exploits
<!–
google_ad_client = “pub-9080155680222782”;
google_ad_width = 468;
google_ad_height = 15;
google_ad_format = “468x15_0ads_al”;
//2007-01-19: Inside
google_ad_channel = “6209105484”;
google_color_border = “333333”;
google_color_bg = “0D0030”;
google_color_link = “AAAAAA”;
google_color_text = “999999”;
google_color_url = “C0C0C0”;
//–><!– script type="text/javascript"
src=”http://pagead2.googlesyndication.com/pagead/show_ads.js” –>
BUGTRAQSecurityVulns ID:12296Type:MCAFEE : McAfee Email and Web Security 5.6 MCAFEE : McAfee Email Gateway 7.0Original documentResearch@NGSSecure, NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 – Arbitrary file download is possible with a crafted URL when logged in as any user (02.04.2012) Research@NGSSecure, NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 – Password hashes can be recovered from a system backup and easily cracked (02.04.2012) Research@NGSSecure, NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 – Active sesssion tokens of other users are disclosed within the UI (02.04.2012) Research@NGSSecure, NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 – Any logged-in user can bypass controls to reset passwords of other administrators (02.04.2012) Research@NGSSecure, NGS00154 Patch Notification: McAfee Email and Web Security Appliance v5.6 – Session hijacking and bypassing client-side session timeouts (02.04.2012) Research@NGSSecure, NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 – Reflective XSS allowing an attacker to gain session tokens (02.04.2012)Discuss:Read or add your comments to this news (0 comments)
Article source: http://securityvulns.com/news/McAfee/EWSA.html
View full post on National Cyber Security