APP: McAfee Firewall Reporter isValidClient Remote Code Execution
This signature detects attempts to exploit a known vulnerability against McAfee Firewall. A successful attack can lead to arbitrary remote code execution.
Extended Description
McAfee Firewall Reporter is prone to an authentication-bypass vulnerability. Successfully exploiting this issue will allow attackers to point the 'cgisess' cookie value to an arbitrary file that exists on the server, bypassing certain security restrictions. This issue may allow websites to bypass certain security restrictions and gain access to potentially sensitive information. This issue was introduced in McAfee Firewall Reporter 5.1.0.6
Affected Products
Mcafee firewall_reporter
Short Name
APP:MCAFEE-FIREWALL-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Code Execution Firewall McAfee Remote Reporter bid:47306 isValidClient
Release Date
06/17/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Mcafee