Short Name |
APP:MCAFEE-DIR-TRAVERSAL |
---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
McAfee Cloud Single Sign On ExtensionAccessServlet Directory Traversal |
Release Date |
2014/05/05 |
Update Number |
2371 |
Supported Platforms |
idp-4.0+, isg-3.4+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
This signature detects directory traversal attempts against the Mcafee Cloud. Attackers can use a slightly modified directory traversal attack to access files outside the Web server's path, from which they can gain sensitive information about the system and use it to craft a targeted attack.
Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors.