/home/mb3e/

♺ Google is the best teacher ♺ | University of Gunadarma IT ☺

Web Administration Broken Access Control in McAfee Email Gateway

 Exploit Code : 
 Advisory Name:Web Administration Broken Access Control in McAfee Email
Gateway (formerly IronMail)
Vulnerability Class: Broken Access Control
Release Date: May 19, 2010
Affected Applications: Secure Mail (Ironmail) ver.6.7.1
Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1
Local / Remote: Local
Severity: Medium �CVSS: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Researcher: Nahuel Grisolía from Cybsec Labs
Vendor Status: Vendor was informed. A patch is being developed.
Reference to Vulnerability Disclosure Policy:
http://www.cybsec.com/vulnerability_policy.pdf
Vulnerability Description:
Ironmail was found to allow Web Access users to execute arbitrary actions
with Write rights, due to an
improper profile check.

===========
Download:
===========
http://www.exploit-db.com/sploits/cybsec_advisory_2010_0501_Ironmail_Adviso
ry_Web_Access_Broken_Access.pdf
  • Web Administration Broken Access Control in McAfee Email Gateway
  • Unknown
  • May 20, 2010
  • No comments:
 

0 comments:

Post a Comment

silahkan tinggalkan komentar anda disini .. :D

Subscribe to: Post Comments (Atom)