McAfee Email Gateway – Web Administration Broken Access Control

  • Author: Nahuel Grisolia
    Date: 2010-05-19
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/12658/
  • Advisory Name: Web Administration Broken Access Control in McAfee Email Gateway (formerly IronMail)
    Vulnerability Class: Broken Access Control
    Release Date: May 19, 2010
    Affected Applications: Secure Mail (Ironmail) ver.6.7.1
    Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1
    Local / Remote: Local
    Severity: Medium – CVSS: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
    Researcher: Nahuel Grisolía from Cybsec Labs
    Vendor Status: Vendor was informed. A patch is being developed.
    Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf
    Vulnerability Description:
    Ironmail was found to allow Web Access users to execute arbitrary actions with Write rights, due to an
    improper profile check.
    
    ===========
    Download:
    ===========
    https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/12658.pdf (cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken_Access.pdf)