[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file download
From: "Research () NGSSecure" <research () ngssecure ! com>
Date: 2012-03-29 7:51:29
Message-ID: 7E45577E4E72EC42BB3F8560D57E755145A99601 () manexchprd01
[Download RAW message or body]
Medium Risk Vulnerability in McAfee Email and Web Security Appliance
29 March 2012
Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee \
Email and Web Security Appliance
Impact: Arbitrary file download is possible with a crafted URL, when logged in as any \
user
Versions affected:
All versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, McAfee Email \
Gateway 7.0 Patch 1
NGS Secure is going to withhold details of this flaw for three months. This three \
month window will allow users the time needed to apply the patch before the details \
are released to the general public. This reflects the NGS Secure approach to \
responsible disclosure.
NGS Secure Research
http://www.ngssecure.com/research.aspx
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic