
U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability

October 26, 2011 - 9:00am


PROBLEM:

McAfee Web Gateway Web Access Cross Site Scripting Vulnerability.

PLATFORM:

The vulnerability is reported in versions prior to 7.1.5.2.

ABSTRACT:

Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behavior of a web application in a user's browser, without compromising the underlying system. Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

REFERENCE LINKS:

McAfee Web Gateway Release Notes
Bugtraq ID: 50341
Secunia Advisory: SA46570

IMPACT ASSESSMENT:

Medium

Discussion:

A vulnerability has been reported in McAfee Web Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input passed to the web interface is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Impact:

Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behavior of a web application in a user's browser, without compromising the underlying system. Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

Solution:

Update to version 7.1.5.2. Instructions are located under "Installation".
