CVE-2009-3565 – McAfee Network Security Manager < 5.1.11.8.1 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-3565
Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.
The McAfee Network Security Manager suffers from a cross-site scripting vulnerability.
• https://www.exploit-db.com/exploits/10061
• https://www.exploit-db.com/exploits/33346
• http://kc.mcafee.com/corporate/index?page=content&id=SB10004
• http://secunia.com/advisories/37178
• http://securitytracker.com/id?1023171
• http://www.osvdb.org/59911
• http://www.secureworks.com/ctu/advisories/SWRX-2009-001
• http://www.securityfocus.com/archive/1/507820/100/0/threaded
• http://www.securityfocus.com/bid/37003
• http://www.vupen.com/english/advisories/2009/3226
• https://exchange.
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3566 – McAfee Network Security Manager 5.1.7 - Information Disclosure
https://notcve.org/view.php?id=CVE-2009-3566
McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.
The McAfee Network Security Manager suffers from authentication bypass and session hijacking vulnerabilities.
• https://www.exploit-db.com/exploits/33347
• http://secunia.com/advisories/37178
• http://securitytracker.com/id?1023172
• http://www.osvdb.org/59912
• http://www.secureworks.com/ctu/advisories/SWRX-2009-002
• http://www.securityfocus.com/archive/1/507822/100/0/threaded
• http://www.securityfocus.com/bid/37004
• http://www.vupen.com/english/advisories/2009/3226
• https://exchange.xforce.ibmcloud.com/vulnerabilities/54251
• https://kc.mcafee.com/corporate/index?page=content&id=SB10005
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')