APP: McAfee Epolicy Orchestrator Multiple Cross Site Scripting

This signature detects attempts to exploit a known cross-site scripting vulnerability in McAfee ePolicy Orchestrator. The vulnerability is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Extended Description

Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter to core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.

Affected Products

Mcafee epolicy_orchestrator

References

CVE: CVE-2013-4883

Short Name: APP:MCAFEE-EPOLICY-XSS
Severity: Major
Recommended: False
Recommended Action: Drop
Category: APP
Keywords: CVE-2013-4883 Cross Epolicy McAfee Multiple Orchestrator Scripting Site
Release Date: 08/07/2013

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3474
False Positive: Unknown

Vendors

Mcafee

CVSS Score: 4.3