VAR-201901-0048
Vulnerability from variot - Updated: 2023-12-18 12:36Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter. McAfee Web Gateway Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. McAfee Web Gateway is prone to a remote denial-of-service vulnerability. Successful exploits of this issue will allow attackers to cause a denial-of-service condition. The following versions are vulnerable: 7.8.2 versions prior to 7.8.2.5 8.0 versions prior to 8.0.2. The product provides features such as threat protection, application control, and data loss prevention. Proxy is one of the proxy components. The proxy component in McAfee MWG 7.8.2.0 and later versions has an input validation vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0048",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.0"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.5"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.0.0.0"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.0.2.0"
},
{
"model": "web gateway software",
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "8.0.1"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.8.2"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "8.0"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.8.2.4"
},
{
"model": "web gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "8.0.2"
},
{
"model": "web gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.8.2.5"
}
],
"sources": [
{
"db": "BID",
"id": "106796"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001398"
},
{
"db": "NVD",
"id": "CVE-2019-3581"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:mcafee_web_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.2.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:mcafee_web_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.8.2.5",
"versionStartIncluding": "7.8.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3581"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "106796"
}
],
"trust": 0.3
},
"cve": "CVE-2019-3581",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-3581",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-155016",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-3581",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3581",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "trellixpsirt@trellix.com",
"id": "CVE-2019-3581",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-209",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155016",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155016"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001398"
},
{
"db": "NVD",
"id": "CVE-2019-3581"
},
{
"db": "NVD",
"id": "CVE-2019-3581"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-209"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter. McAfee Web Gateway Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. McAfee Web Gateway is prone to a remote denial-of-service vulnerability. \nSuccessful exploits of this issue will allow attackers to cause a denial-of-service condition. \nThe following versions are vulnerable:\n7.8.2 versions prior to 7.8.2.5\n8.0 versions prior to 8.0.2. The product provides features such as threat protection, application control, and data loss prevention. Proxy is one of the proxy components. The proxy component in McAfee MWG 7.8.2.0 and later versions has an input validation vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3581"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001398"
},
{
"db": "BID",
"id": "106796"
},
{
"db": "VULHUB",
"id": "VHN-155016"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3581",
"trust": 2.8
},
{
"db": "MCAFEE",
"id": "SB10264",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001398",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-209",
"trust": 0.7
},
{
"db": "BID",
"id": "106796",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-155016",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155016"
},
{
"db": "BID",
"id": "106796"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001398"
},
{
"db": "NVD",
"id": "CVE-2019-3581"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-209"
}
]
},
"id": "VAR-201901-0048",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155016"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:36:24.779000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SB10264",
"trust": 0.8,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10264"
},
{
"title": "McAfee Web Gateway Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88394"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001398"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-209"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155016"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001398"
},
{
"db": "NVD",
"id": "CVE-2019-3581"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10264"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3581"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3581"
},
{
"trust": 0.3,
"url": "http://www.mcafee.com/"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10264"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155016"
},
{
"db": "BID",
"id": "106796"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001398"
},
{
"db": "NVD",
"id": "CVE-2019-3581"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-209"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155016"
},
{
"db": "BID",
"id": "106796"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001398"
},
{
"db": "NVD",
"id": "CVE-2019-3581"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-209"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-155016"
},
{
"date": "2019-01-08T00:00:00",
"db": "BID",
"id": "106796"
},
{
"date": "2019-03-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001398"
},
{
"date": "2019-01-09T14:29:00.207000",
"db": "NVD",
"id": "CVE-2019-3581"
},
{
"date": "2019-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-209"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-155016"
},
{
"date": "2019-01-08T00:00:00",
"db": "BID",
"id": "106796"
},
{
"date": "2019-03-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001398"
},
{
"date": "2023-11-07T03:09:54.413000",
"db": "NVD",
"id": "CVE-2019-3581"
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-209"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-209"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "McAfee Web Gateway Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001398"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-209"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…