Signature Detail
Short Name |
APP:MCAFEE-DIR-TRAVERSAL |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
McAfee Cloud Single Sign On ExtensionAccessServlet Directory Traversal |
Release Date |
2014/05/05 |
Update Number |
2371 |
Supported Platforms |
idp-4.0+, isg-3.4+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SSL: McAfee Cloud Single Sign On ExtensionAccessServlet Directory Traversal
This signature detects directory traversal attempts against the Mcafee Cloud. Attackers can use a slightly modified directory traversal attack to access files outside the Web server's path, from which they can gain sensitive information about the system and use it to craft a targeted attack.
Extended Description
Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors.
Affected Products
- intel expressway_cloud_access_360 2.1
- intel expressway_cloud_access_360 2.5
- mcafee cloud_identity_manager 3.0
- mcafee cloud_identity_manager 3.1
- mcafee cloud_identity_manager 3.5.1
- mcafee cloud_single_sign_on 4.0.0
References