McAfee WebShield UI mui Directory Traversal (SB10026)
medium Nessus Plugin ID 59112
Language:
New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.
VPR Score: 4.9
Synopsis
An application hosted on the remote web server is affected by a directory traversal vulnerability.Description
The version of the McAfee WebShield UI hosted on the remote web server is affected by a directory traversal vulnerability. Input passed to the query string of /cgi-bin/mui is not properly sanitized. A remote, unauthenticated attacker can exploit this to read arbitrary files as the apache user.Solution
Apply the relevant hotfix specified in McAfee Security Bulletin SB10026.See Also
https://www.tenable.com/security/research/tra-2012-17
https://kc.mcafee.com/corporate/index?page=content&id=SB10026
Plugin Details
Severity: Medium
ID: 59112
File Name: mcafee_webshield_mui_dir_traversal.nasl
Version: 1.15
Type: remote
Family: CGI abuses
Published: 5/16/2012
Updated: 1/19/2021
Dependencies: 58581
Risk Information
Risk Factor: Medium
VPR Score: 4.9
CVSS Score Source: CVE-2012-4596
CVSS v2.0
Base Score: 4.3
Temporal Score: 3.6
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Temporal Vector: E:F/RL:OF/RC:C
Vulnerability Information
CPE: cpe:/a:mcafee:email_and_web_security, cpe:/a:mcafee:email_gateway
Required KB Items: www/mcafee_webshield
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/8/2012
Vulnerability Publication Date: 5/8/2012
Exploitable With
Elliot (McAfee Email Gateway 7.0 File Disclosure)
Reference Information
CVE: CVE-2012-4596
BID: 55184
TRA: TRA-2012-17
MCAFEE-SB: SB10026