Date: 19 March 2013
===========================================================================
AUSCERT Security Bulletin
ASB-2013.0041
McAfee Vulnerability Manager Hotfixes available to address
cross-site scripting vulnerability
19 March 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: McAfee Vulnerability Manager
Operating System: Windows Server 2003
Impact/Access: Cross-site Scripting -- Remote with User Interaction
Resolution: Patch/Upgrade
Member content until: Thursday, April 18 2013
OVERVIEW
A vulnerability has been identified in McAfee Vulnerability Manager
versions 7.5.1 and 7.5.0. [1]
IMPACT
The vendor has provided the following information about the
vulnerability:
"McAfee Vulnerability Manager (MVM) 7.5.0 and 7.5.1 are vulnerable to
a cross-site scripting vulnerability. An attacker could leverage this
vulnerability to execute arbitrary script code in the browser of an
unsuspecting user in the context of the affected site." [1]
MITIGATION
The vendor recommends applying the latest hotfix for your affected
version. [1]
REFERENCES
[1] McAfee Vulnerability Manager Hotfixes available to address
cross-site scripting vulnerability
https://kc.mcafee.com/corporate/index?page=content&id=KB77772
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================