Threat Encyclopedia

McAfee.VirusScan.ENT.Linux.Auth.Token.Information.Disclosure

description-logoDescription

This indicates an attack attempt to exploit an Information Disclosure vulnerability in McAfee VirusScan Enterprise for Linux.
The vulnerability allows a remote attacker to determine a valid or authenticated Cookie from a target's response. A remote attacker can send multiple attempts with different value in the Cookie in order to determine a valid Cookie. Detection is triggered if attempted at a rate of more than about 5 times in 20 seconds.

affected-products-logoAffected Products

McAfee VirusScan Enterprise for Linux version 1.9.2 to 2.0.2

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor:
https://kc.mcafee.com/corporate/index?page=content&id=SB10181

CVE References

CVE-2016-8023