McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt, related to a "Logout Failure" issue.
References
Link | Resource |
---|---|
https://kc.mcafee.com/corporate/index?page=content&id=SB10020 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:15:34
Updated: 2022-10-03T16:15:34
Reserved: 2022-10-03T00:00:00
Link: CVE-2012-4581
JSON object: View
NVD Information
Status : Analyzed
Published: 2012-08-22T10:42:04.757
Modified: 2012-08-22T10:42:04.757
Link: CVE-2012-4581
JSON object: View
Redhat Information
No data.
CWE