CVE-2012-4581

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt, related to a "Logout Failure" issue.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mcafee:email_and_web_security:5.6:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:email_and_web_security:5.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:email_and_web_security:5.5:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:email_gateway:7.0:*:*:*:*:*:*:*

Information

Published : 2012-08-22 03:42

Updated : 2012-08-22 03:42


NVD link : CVE-2012-4581

Mitre link : CVE-2012-4581


JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa

Products Affected

mcafee

  • email_and_web_security
  • email_gateway