漏洞类别:CGI
漏洞等级: 
漏洞信息
McAfee VirusScan Enterprise combines anti-virus, anti-spyware, firewall, and intrusion prevention technologies to stop and remove malicious software.
This VirusScan Enterprise update fixes the following vulnerabilities:
CVE-2016-8023: Authentication Bypass by Assumed-Immutable Data.
CVE-2016-8024: Improper Neutralization of CRLF Sequences in HTTP.
CVE-2016-8020: Improper Control of Generation of Code.
CVE-2016-8022: Authentication Bypass by Spoofing.
CVE-2016-8025: Improper Neutralization of Special Elements used in an SQL Command.
CVE-2016-8021: Improper Verification of Cryptographic Signature.
CVE-2016-8018: Cross-Site Request Forgery.
CVE-2016-8019: Cross-site Scripting.
CVE-2016-8016: Information Exposure.
CVE-2016-8017: Failure to Sanitize Special Elements.
Affected Softwares:
VirusScan Enterprise for Linux (VSEL) 2.0.3 and earlier
漏洞危害
A remote attacker can exploit these vulnerabilities to read limited subsets of files and logs on the system, execute arbitrary JavaScript code in the web interface, or execute arbitrary code on the system.
解决方案
The vendor has released an updated version to fix these issues. Please refer to SB10181 for further information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论