McAfee Firewall Reporter 'GernalUtilities.pm' Authentication Bypass Vulnerability
Posted: 12/4/11 by komz in Etiquetas: Authentication Bypass Vulnerability, McAfee firewall vulnerability, VulnerabilidadesMcAfee Firewall Reporter is prone to an authentication-bypass vulnerability.
Successfully exploiting this issue will allow attackers to point the 'cgisess' cookie value to an arbitrary file that exists on the server, bypassing certain security restrictions.
This issue may allow websites to bypass certain security restrictions and gain access to potentially sensitive information.
This issue was introduced in McAfee Firewall Reporter 5.1.0.6
REFERENCE: http://www.securityfocus.com/bid/47306/info
The Vulnerability Team adviced to users and administrators to review and apply the updates notifications
necessary to help mitigate the risks.
source: securityfocus.com