Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and previous versions) allows remote unauthenticated malicious user to obtain sensitive information via the server HTTP response spoofing.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mcafee virusscan enterprise |
This one ticks all the boxes: Runs as root ✔ Claims security ✔ Unpopular product with few updates ✔
McAfee has taken six months to patch 10 critical vulnerabilities in its VirusScan Enterprise Linux client. And these were nasty bugs as when chained they resulted remote code execution as root. Andrew Fasano, security researcher with MIT Lincoln Laboratory, says attackers can chain the flaws to compromise McAfee Linux clients by spinning up malicious update servers. "At a first glance, Intel's McAfee VirusScan Enterprise for Linux has all the best characteristics that vulnerability researchers l...