McAfee Email Gateway Appliance 7.x Multiple Vulnerabilities (SB10037)

medium Nessus Plugin ID 69955

Synopsis

The remote host is potentially affected by multiple vulnerabilities.

Description

According to the version of the Web UI on the remote McAfee Email Gateway appliance, it is potentially affected by the following vulnerabilities :

- The web mail client does not properly sanitize email attachment names allowing for cross-site scripting.

- The web mail client does not properly verify user permissions, which could allow an unauthorized user the ability to compose a large number of email messages.
This could completely fill up disk space on the appliance resulting in a denial of service condition.

Note that Nessus has not checked for the presence of a patch so this finding may be a false positive.

Solution

Apply MEG 7.0 Hotfix 116.

See Also

https://kc.mcafee.com/corporate/index?page=content&id=SB10037

Plugin Details

Severity: Medium

ID: 69955

File Name: mcafee_meg_sb10037.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 9/18/2013

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:mcafee:email_gateway

Required KB Items: Settings/ParanoidReport, www/mcafee_webshield

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/3/2012

Vulnerability Publication Date: 11/20/2012

Reference Information

BID: 56751

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990

MCAFEE-SB: SB10037