ID CVE-2003-0616
Summary Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution.
References
Vulnerable Configurations
  • McAfee ePolicy Orchestrator 2.0
    cpe:2.3:a:mcafee:epolicy_orchestrator:2.0
  • McAfee ePolicy Orchestrator 2.5
    cpe:2.3:a:mcafee:epolicy_orchestrator:2.5
  • McAfee ePolicy Orchestrator 2.5.1
    cpe:2.3:a:mcafee:epolicy_orchestrator:2.5.1
  • McAfee ePolicy Orchestrator 2.5 SP1
    cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:sp1
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
NASL family Web Servers
NASL id EPOLICY_ORCHESTRATOR_MULTIPLE_ISSUES.NASL
description According to its banner, the remote version of ePolicy Orchestrator has multiple vulnerabilities which may allow an attacker to gain information on the MSDE installation of this host, or even execute arbitrary code.
last seen 2019-02-21
modified 2018-07-10
plugin id 11812
published 2003-07-31
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11812
title ePolicy Orchestrator Multiple Remote Vulnerabilities (OF, FS)
refmap via4
atstake A073103-1
confirm http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
Last major update 23-07-2013 - 01:04
Published 27-08-2003 - 00:00