Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for McAfee Web Gateway by McAfee

    CVE-2019-3581 (GCVE-0-2019-3581)

    Vulnerability from nvd – Published: 2019-01-09 14:00 – Updated: 2024-08-04 19:12
    VLAI
    Title
    McAfee Web Gateway denial of service attack due to Improper Input Validation
    Summary
    Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee McAfee Web Gateway Affected: 7.8.2 , < 7.8.2* (custom)
    Affected: 7.8.2.5 , < 7.8.2.5 (custom)
    Affected: 8.0 , < 8.0* (custom)
    Affected: 8.0.2 , < 8.0.2 (custom)
    Create a notification for this product.
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.492Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "McAfee Web Gateway",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "7.8.2*",
                  "status": "affected",
                  "version": "7.8.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.8.2.5",
                  "status": "affected",
                  "version": "7.8.2.5",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.0*",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.0.2",
                  "status": "affected",
                  "version": "8.0.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T13:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to MWG 7.8.2.5 or 8.0.2"
            }
          ],
          "source": {
            "advisory": "SB10264",
            "discovery": "INTERNAL"
          },
          "title": "McAfee Web Gateway denial of service attack due to Improper Input Validation",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2019-3581",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Web Gateway denial of service attack due to Improper Input Validation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Web Gateway",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003e=",
                                "platform": "x86",
                                "version_affected": "\u003e=",
                                "version_name": "7.8.2",
                                "version_value": "7.8.2"
                              },
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "7.8.2.5",
                                "version_value": "7.8.2.5"
                              },
                              {
                                "affected": "\u003e=",
                                "platform": "x86",
                                "version_affected": "\u003e=",
                                "version_name": "8.0",
                                "version_value": "8.0"
                              },
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "8.0.2",
                                "version_value": "8.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20: Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to MWG 7.8.2.5 or 8.0.2"
              }
            ],
            "source": {
              "advisory": "SB10264",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3581",
        "datePublished": "2019-01-09T14:00:00.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3581 (GCVE-0-2019-3581)

    Vulnerability from cvelistv5 – Published: 2019-01-09 14:00 – Updated: 2024-08-04 19:12
    VLAI
    Title
    McAfee Web Gateway denial of service attack due to Improper Input Validation
    Summary
    Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee McAfee Web Gateway Affected: 7.8.2 , < 7.8.2* (custom)
    Affected: 7.8.2.5 , < 7.8.2.5 (custom)
    Affected: 8.0 , < 8.0* (custom)
    Affected: 8.0.2 , < 8.0.2 (custom)
    Create a notification for this product.
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.492Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x86"
              ],
              "product": "McAfee Web Gateway",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "7.8.2*",
                  "status": "affected",
                  "version": "7.8.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.8.2.5",
                  "status": "affected",
                  "version": "7.8.2.5",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.0*",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.0.2",
                  "status": "affected",
                  "version": "8.0.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T13:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to MWG 7.8.2.5 or 8.0.2"
            }
          ],
          "source": {
            "advisory": "SB10264",
            "discovery": "INTERNAL"
          },
          "title": "McAfee Web Gateway denial of service attack due to Improper Input Validation",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2019-3581",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Web Gateway denial of service attack due to Improper Input Validation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Web Gateway",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003e=",
                                "platform": "x86",
                                "version_affected": "\u003e=",
                                "version_name": "7.8.2",
                                "version_value": "7.8.2"
                              },
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "7.8.2.5",
                                "version_value": "7.8.2.5"
                              },
                              {
                                "affected": "\u003e=",
                                "platform": "x86",
                                "version_affected": "\u003e=",
                                "version_name": "8.0",
                                "version_value": "8.0"
                              },
                              {
                                "affected": "\u003c",
                                "platform": "x86",
                                "version_affected": "\u003c",
                                "version_name": "8.0.2",
                                "version_value": "8.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20: Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10264"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to MWG 7.8.2.5 or 8.0.2"
              }
            ],
            "source": {
              "advisory": "SB10264",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3581",
        "datePublished": "2019-01-09T14:00:00.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }