McAfee ePolicy Orchestrator Server Remote Code Execution Vulnerability
BID:10200
Info
McAfee ePolicy Orchestrator Server Remote Code Execution Vulnerability
| Bugtraq ID: | 10200 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2004-0038 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 23 2004 12:00AM |
| Updated: | Jul 12 2009 04:06AM |
| Credit: | Discovery of this vulnerability has been credited to Internet Security Systems. |
| Vulnerable: |
McAfee ePolicy Orchestrator 3.0 SP2a McAfee ePolicy Orchestrator 3.0 McAfee ePolicy Orchestrator 2.5.1 McAfee ePolicy Orchestrator 2.5 SP1 McAfee ePolicy Orchestrator 2.5 |
| Not Vulnerable: | |
Discussion
McAfee ePolicy Orchestrator Server Remote Code Execution Vulnerability
McAfee ePolicy Orchestrator has been reported prone to a remote code execution vulnerability. The issue is reported to be triggered when certain HTTP POST requests are handled by the McAfee ePolicy Orchestrator server.
An attacker may exploit this issue to execute code in the context of the affected software, and distribute this code across ePolicy Orchestrator infrastructure.
McAfee ePolicy Orchestrator has been reported prone to a remote code execution vulnerability. The issue is reported to be triggered when certain HTTP POST requests are handled by the McAfee ePolicy Orchestrator server.
An attacker may exploit this issue to execute code in the context of the affected software, and distribute this code across ePolicy Orchestrator infrastructure.
Exploit / POC
McAfee ePolicy Orchestrator Server Remote Code Execution Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
McAfee ePolicy Orchestrator Server Remote Code Execution Vulnerability
Solution:
The vendor has released a patch to address this issue:
McAfee ePolicy Orchestrator 2.5.1
McAfee ePolicy Orchestrator 3.0 SP2a
Solution:
The vendor has released a patch to address this issue:
McAfee ePolicy Orchestrator 2.5.1
-
McAfee EPO25114.zip
http://download.nai.com/products/patches/ePO/v2.x/EPO25114.zip
McAfee ePolicy Orchestrator 3.0 SP2a
-
McAfee EPO3024.ZIP
http://download.nai.com/products/patches/ePO/v3.0/EPO3024.ZIP
References
McAfee ePolicy Orchestrator Server Remote Code Execution Vulnerability
References:
References:
- McAfee Homepage (McAfee)