McAfee Web Gateway Information Disclosure Vulnerability Network Vulnerability

Summary

This host is installed with McAfee Web Gateway and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow an authenticated remote attacker to gain access to SHA1 hashed MWG administrator password information. Impact Level: Application

Solution

Upgrade to McAfee Web Gateway version 7.3.2.9 or 7.4.2 or later, For updates refer to http://www.mcafee.com/us

Insight

The flaw is due to an error in admin interface while viewing the top level Accounts tab

Affected

McAfee Web Gateway before 7.3.2.9 and 7.4.x before 7.4.2

Detection

Get the installed version of McAfee Web Gateway with the help of detect NVT and check the version is vulnerable or not.

References

http://www.osvdb.com/109588
http://www.securitytracker.com/id/1030675

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-6064

CVSS	Base Score: 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N

Related Vulnerabilities

Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
Apache ActiveMQ Source Code Information Disclosure Vulnerability
/cgi-bin directory browsable ?
Apache Struts2 'XWork' Information Disclosure Vulnerability

Take action and discover your vulnerabilities