// For flags

CVE-2009-3566

McAfee Network Security Manager 5.1.7 - Information Disclosure

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.

McAfee IntruShield Network Security Manager (NSM) en versiones anteriores a la 5.1.11.8.1 no incluye la bandera (flag) HTTPOnly en la cabecera Set-Cookie para la identificación de la sesión, lo que permite a atacantes remotos secuestrar una sesión aprovechando una vulnerabilidad de secuencias de comandos en sitios cruzados (XSS).

The McAfee Network Security Manager suffers from authentication bypass and session hijacking vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-10-05 CVE Reserved
  • 2009-11-06 First Exploit
  • 2009-11-13 CVE Published
  • 2024-06-23 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mcafee
Search vendor "Mcafee"
Intrushield Network Security Manager
Search vendor "Mcafee" for product "Intrushield Network Security Manager"
<= 5.1.7.74
Search vendor "Mcafee" for product "Intrushield Network Security Manager" and version " <= 5.1.7.74"
-
Affected
Mcafee
Search vendor "Mcafee"
Intrushield Network Security Manager
Search vendor "Mcafee" for product "Intrushield Network Security Manager"
5.1.7.7
Search vendor "Mcafee" for product "Intrushield Network Security Manager" and version "5.1.7.7"
-
Affected
Mcafee
Search vendor "Mcafee"
Intrushield Network Security Manager
Search vendor "Mcafee" for product "Intrushield Network Security Manager"
5.1.7.73
Search vendor "Mcafee" for product "Intrushield Network Security Manager" and version "5.1.7.73"
-
Affected