McAfee Firewall Reporter is prone to an authentication-bypass vulnerability.

Successfully exploiting this issue will allow attackers to point the 'cgisess' cookie value to an arbitrary file that exists on the server, bypassing certain security restrictions.

This issue may allow websites to bypass certain security restrictions and gain access to potentially sensitive information.

This issue was introduced in McAfee Firewall Reporter

REFERENCE: http://www.securityfocus.com/bid/47306/info

The Vulnerability Team adviced to users and administrators to review and apply the updates notifications
necessary to help mitigate the risks.

source: securityfocus.com 

0 comentarios: