McAfee ePolicy Orchestrator HTTP Server Source Header Remote Overflow
Critical Nessus Network Monitor Plugin ID 3766
SynopsisThe remote host is running a vulnerable version of McAfee ePolicy Orchestrator.
DescriptionArbitrary code can be executed on the remote host due to a flaw in the web service. The remote host is running McAfee ePolicy Orchestrator. The remote version of this software is vulnerable to a stack overflow vulnerability. An unauthenticated attacker can exploit this flaw by sending a specially crafted packet to the remote host. A successful exploitation of this vulnerability would result in remote code execution with the privileges of the SYSTEM.
SolutionUpgrade to version 3.5.0 Patch 6 or higher.