McAfee WebShield UI mui Directory Traversal (SB10026)
medium Nessus Plugin ID 59112
Language:
Synopsis
An application hosted on the remote web server is affected by a directory traversal vulnerability.Description
The version of the McAfee WebShield UI hosted on the remote web server is affected by a directory traversal vulnerability. Input passed to the query string of /cgi-bin/mui is not properly sanitized. A remote, unauthenticated attacker can exploit this to read arbitrary files as the apache user.Solution
Apply the relevant hotfix specified in McAfee Security Bulletin SB10026.See Also
https://www.tenable.com/security/research/tra-2012-17
https://kc.mcafee.com/corporate/index?page=content&id=SB10026
Plugin Details
Severity: Medium
ID: 59112
File Name: mcafee_webshield_mui_dir_traversal.nasl
Version: 1.15
Type: remote
Family: CGI abuses
Published: 5/16/2012
Updated: 1/19/2021
Risk Information
VPR
Risk Factor: Medium
Score: 4.9
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.6
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Temporal Vector: E:F/RL:OF/RC:C
CVSS Score Source: CVE-2012-4596
Vulnerability Information
CPE: cpe:/a:mcafee:email_and_web_security, cpe:/a:mcafee:email_gateway
Required KB Items: www/mcafee_webshield
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/8/2012
Vulnerability Publication Date: 5/8/2012
Exploitable With
Elliot (McAfee Email Gateway 7.0 File Disclosure)
Reference Information
CVE: CVE-2012-4596
BID: 55184
TRA: TRA-2012-17
MCAFEE-SB: SB10026