McAfee IntruShield Network Security Manager (NSM) prior to 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote malicious users to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mcafee intrushield network security manager 5.1.7.73 |
||
mcafee intrushield network security manager 5.1.7.7 |
||
mcafee intrushield network security manager |