VAR-201403-0278
Vulnerability from variot - Updated: 2023-12-18 13:19Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port. McAfee Web Gateway is prone to a directory-traversal vulnerability. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. The following versions are vulnerable: McAfee Web Gateway 7.4.0 and prior McAfee Web Gateway 7.3.2.4 and prior McAfee Web Gateway 7.2.0.9 and prior. The product provides features such as threat protection, application control, and data loss prevention. A directory traversal vulnerability exists in MWG. The following versions are affected: MWG 7.2.0.9 and earlier, 7.3.2.4 and earlier, 7.4.0 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0278",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.3.2.6"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.3.2"
},
{
"model": "web gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.2.0.9"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.2.0"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.4.1"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.4.0"
},
{
"model": "web gateway software",
"scope": "eq",
"trust": 0.8,
"vendor": "mcafee",
"version": "7.3.2.6"
},
{
"model": "web gateway software",
"scope": "lt",
"trust": 0.8,
"vendor": "mcafee",
"version": "7.4.x"
},
{
"model": "web gateway software",
"scope": "lte",
"trust": 0.8,
"vendor": "mcafee",
"version": "7.2.0.9 and earlier"
},
{
"model": "web gateway software",
"scope": "lt",
"trust": 0.8,
"vendor": "mcafee",
"version": "7.3.x"
},
{
"model": "web gateway software",
"scope": "eq",
"trust": 0.8,
"vendor": "mcafee",
"version": "7.4.1"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "mcafee",
"version": "7.3.2.4"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "mcafee",
"version": "7.2.0.9"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "mcafee",
"version": "7.4.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001745"
},
{
"db": "NVD",
"id": "CVE-2014-2535"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-345"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2.0.9",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.3.2.6",
"versionStartIncluding": "7.3.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2535"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilyas Orak from Biznet Bilisim",
"sources": [
{
"db": "BID",
"id": "66193"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2535",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-2535",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-70474",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2535",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-345",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-70474",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70474"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001745"
},
{
"db": "NVD",
"id": "CVE-2014-2535"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-345"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port. McAfee Web Gateway is prone to a directory-traversal vulnerability. \nRemote attackers can use specially crafted requests with directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files in the context of the application. \nExploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. \nThe following versions are vulnerable:\nMcAfee Web Gateway 7.4.0 and prior\nMcAfee Web Gateway 7.3.2.4 and prior\nMcAfee Web Gateway 7.2.0.9 and prior. The product provides features such as threat protection, application control, and data loss prevention. A directory traversal vulnerability exists in MWG. The following versions are affected: MWG 7.2.0.9 and earlier, 7.3.2.4 and earlier, 7.4.0 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2535"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001745"
},
{
"db": "BID",
"id": "66193"
},
{
"db": "VULHUB",
"id": "VHN-70474"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2535",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "56958",
"trust": 1.7
},
{
"db": "MCAFEE",
"id": "SB10063",
"trust": 1.7
},
{
"db": "BID",
"id": "66193",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001745",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201403-345",
"trust": 0.7
},
{
"db": "XF",
"id": "91772",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70474",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70474"
},
{
"db": "BID",
"id": "66193"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001745"
},
{
"db": "NVD",
"id": "CVE-2014-2535"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-345"
}
]
},
"id": "VAR-201403-0278",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-70474"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:19:59.655000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SB10063",
"trust": 0.8,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10063"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001745"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70474"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001745"
},
{
"db": "NVD",
"id": "CVE-2014-2535"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://secunia.com/advisories/56958"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10063"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/66193"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91772"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2535"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2535"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/91772"
},
{
"trust": 0.3,
"url": "http://www.mcafee.com/"
},
{
"trust": 0.3,
"url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/23000/pd23455/en_us/mwg_7152_release_notes.pdf"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10063"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70474"
},
{
"db": "BID",
"id": "66193"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001745"
},
{
"db": "NVD",
"id": "CVE-2014-2535"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-345"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-70474"
},
{
"db": "BID",
"id": "66193"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001745"
},
{
"db": "NVD",
"id": "CVE-2014-2535"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-345"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-70474"
},
{
"date": "2014-02-24T00:00:00",
"db": "BID",
"id": "66193"
},
{
"date": "2014-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001745"
},
{
"date": "2014-03-18T17:04:18.407000",
"db": "NVD",
"id": "CVE-2014-2535"
},
{
"date": "2014-03-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-345"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-70474"
},
{
"date": "2014-03-25T00:58:00",
"db": "BID",
"id": "66193"
},
{
"date": "2014-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001745"
},
{
"date": "2018-12-13T18:21:46.967000",
"db": "NVD",
"id": "CVE-2014-2535"
},
{
"date": "2014-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-345"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-345"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "McAfee Web Gateway Directory Traversal Vulnerability",
"sources": [
{
"db": "BID",
"id": "66193"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-345"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-345"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…