McAfee Email and Web Security Appliance and Email Gateway Multiple Vulnerabilities

McAfee Email and Web Security Appliance and Email Gateway are prone to a cross-site scripting vulnerability, multiple information-disclosure vulnerabilities, a directory-traversal vulnerability, a security-bypass vulnerability, and an insecure-encryption vulnerability.

A remote attacker could leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Exploiting the information-disclosure issues allows the attacker to view local files within the context of the Web server process.

Exploiting the security-bypass vulnerability allows attackers to bypass security restrictions and obtain sensitive information or perform unauthorized actions.

Exploiting the directory-traversal issue allows attackers to use directory-traversal strings to retrieve arbitrary files in the context of the affected application.

Exploiting the insecure-encryption issue allows attackers to determine encryption keys, which may lead to further attacks.


Copyright 2010, SecurityFocus