ID CVE-2016-8024
Summary Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.
Vulnerable Configurations
  • cpe:2.3:a:mcafee:virusscan_enterprise:1.9.0:*:*:*:*:linux:*:*
  • cpe:2.3:a:mcafee:virusscan_enterprise:1.9.1:*:*:*:*:linux:*:*
  • cpe:2.3:a:mcafee:virusscan_enterprise:1.9.2:*:*:*:*:linux:*:*
  • cpe:2.3:a:mcafee:virusscan_enterprise:2.0.0:*:*:*:*:linux:*:*
  • cpe:2.3:a:mcafee:virusscan_enterprise:2.0.3:*:*:*:*:linux:*:*
Base: 6.8 (as of 03-09-2017 - 01:29)
  • HTTP Response Splitting
    This attack uses a maliciously-crafted HTTP request in order to cause a vulnerable web server to respond with an HTTP response stream that will be interpreted by the client as two separate responses instead of one. This is possible when user-controlled input is used unvalidated as part of the response headers. The target software, the client, will interpret the injected header as being a response to a second request, thereby causing the maliciously-crafted contents be displayed and possibly cached.
  • Accessing/Intercepting/Modifying HTTP Cookies
    This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.
  • AJAX Fingerprinting
    This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. In many XSS attacks the attacker must get a "hole in one" and successfully exploit the vulnerability on the victim side the first time, once the client is redirected the attacker has many chances to engage in follow on probes, but there is only one first chance. In a widely used web application this is not a major problem because 1 in a 1,000 is good enough in a widely used application. A common first step for an attacker is to footprint the environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on.
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 94823
exploit-db 40911
sectrack 1037433
saint via4
bid 94823
description McAfee VirusScan Enterprise for Linux authentication token brute force
title mcafee_virus_scan_linux_brute
type remote
Last major update 03-09-2017 - 01:29
Published 14-03-2017 - 22:59
Last modified 03-09-2017 - 01:29
Back to Top