McAfee ePolicy Orchestrator CVE-2013-0141 Unspecified Directory Traversal Vulnerability

McAfee ePolicy Orchestrator is prone to an unspecified directory-traversal vulnerability.

Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application.

Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.

The following versions are vulnerable:

McAfee ePolicy Orchestrator 4.5 through versions 4.5.6
McAfee ePolicy Orchestrator 4.6 through versions 4.6.5


Privacy Statement
Copyright 2010, SecurityFocus