CVE-2015-2859

Sažetak

Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Reference

http://www.kb.cert.org/vuls/id/264092
http://www.securityfocus.com/bid/75020
http://www.securitytracker.com/id/1032571
https://kc.mcafee.com/corporate/index?page=content&id=KB84628
https://kc.mcafee.com/corporate/index?page=content&id=SB10120

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

03-12-2016 - 03:07

Objavljeno

23-06-2015 - 21:59