Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for intrushield_network_security_manager by mcafee
CVE-2009-3566 (GCVE-0-2009-3566)
Vulnerability from nvd – Published: 2009-11-13 15:00 – Updated: 2024-08-07 06:31
VLAI
Summary
McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/3226 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1023172 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/37004 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/59912 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/507822/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/37178 | third-party-advisoryx_refsource_SECUNIA |
| http://www.secureworks.com/ctu/advisories/SWRX-2009-002 | x_refsource_MISC |
Date Public
2009-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005"
},
{
"name": "ADV-2009-3226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"name": "1023172",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023172"
},
{
"name": "37004",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37004"
},
{
"name": "nsm-httponly-session-hijacking(54251)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54251"
},
{
"name": "59912",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/59912"
},
{
"name": "20091111 [SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507822/100/0/threaded"
},
{
"name": "37178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005"
},
{
"name": "ADV-2009-3226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"name": "1023172",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023172"
},
{
"name": "37004",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37004"
},
{
"name": "nsm-httponly-session-hijacking(54251)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54251"
},
{
"name": "59912",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/59912"
},
{
"name": "20091111 [SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507822/100/0/threaded"
},
{
"name": "37178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005"
},
{
"name": "ADV-2009-3226",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"name": "1023172",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023172"
},
{
"name": "37004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37004"
},
{
"name": "nsm-httponly-session-hijacking(54251)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54251"
},
{
"name": "59912",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/59912"
},
{
"name": "20091111 [SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507822/100/0/threaded"
},
{
"name": "37178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37178"
},
{
"name": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002",
"refsource": "MISC",
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3566",
"datePublished": "2009-11-13T15:00:00.000Z",
"dateReserved": "2009-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:31:10.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3565 (GCVE-0-2009-3565)
Vulnerability from nvd – Published: 2009-11-13 15:00 – Updated: 2024-08-07 06:31
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1023171 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2009/3226 | vdb-entryx_refsource_VUPEN |
| http://kc.mcafee.com/corporate/index?page=content… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/37003 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/37178 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/507820/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.secureworks.com/ctu/advisories/SWRX-2009-001 | x_refsource_MISC |
| http://www.osvdb.org/59911 | vdb-entryx_refsource_OSVDB |
Date Public
2009-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1023171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023171"
},
{
"name": "ADV-2009-3226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004"
},
{
"name": "37003",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37003"
},
{
"name": "nsm-login-xss(54250)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54250"
},
{
"name": "37178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37178"
},
{
"name": "20091111 [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507820/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001"
},
{
"name": "59911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/59911"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1023171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023171"
},
{
"name": "ADV-2009-3226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004"
},
{
"name": "37003",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37003"
},
{
"name": "nsm-login-xss(54250)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54250"
},
{
"name": "37178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37178"
},
{
"name": "20091111 [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507820/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001"
},
{
"name": "59911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/59911"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1023171",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023171"
},
{
"name": "ADV-2009-3226",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"name": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004",
"refsource": "CONFIRM",
"url": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004"
},
{
"name": "37003",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37003"
},
{
"name": "nsm-login-xss(54250)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54250"
},
{
"name": "37178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37178"
},
{
"name": "20091111 [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507820/100/0/threaded"
},
{
"name": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001",
"refsource": "MISC",
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001"
},
{
"name": "59911",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/59911"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3565",
"datePublished": "2009-11-13T15:00:00.000Z",
"dateReserved": "2009-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:31:10.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3565 (GCVE-0-2009-3565)
Vulnerability from cvelistv5 – Published: 2009-11-13 15:00 – Updated: 2024-08-07 06:31
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1023171 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2009/3226 | vdb-entryx_refsource_VUPEN |
| http://kc.mcafee.com/corporate/index?page=content… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/37003 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/37178 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/507820/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.secureworks.com/ctu/advisories/SWRX-2009-001 | x_refsource_MISC |
| http://www.osvdb.org/59911 | vdb-entryx_refsource_OSVDB |
Date Public
2009-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1023171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023171"
},
{
"name": "ADV-2009-3226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004"
},
{
"name": "37003",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37003"
},
{
"name": "nsm-login-xss(54250)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54250"
},
{
"name": "37178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37178"
},
{
"name": "20091111 [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507820/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001"
},
{
"name": "59911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/59911"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1023171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023171"
},
{
"name": "ADV-2009-3226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004"
},
{
"name": "37003",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37003"
},
{
"name": "nsm-login-xss(54250)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54250"
},
{
"name": "37178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37178"
},
{
"name": "20091111 [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507820/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001"
},
{
"name": "59911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/59911"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1023171",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023171"
},
{
"name": "ADV-2009-3226",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"name": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004",
"refsource": "CONFIRM",
"url": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004"
},
{
"name": "37003",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37003"
},
{
"name": "nsm-login-xss(54250)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54250"
},
{
"name": "37178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37178"
},
{
"name": "20091111 [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507820/100/0/threaded"
},
{
"name": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001",
"refsource": "MISC",
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001"
},
{
"name": "59911",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/59911"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3565",
"datePublished": "2009-11-13T15:00:00.000Z",
"dateReserved": "2009-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:31:10.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3566 (GCVE-0-2009-3566)
Vulnerability from cvelistv5 – Published: 2009-11-13 15:00 – Updated: 2024-08-07 06:31
VLAI
Summary
McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/3226 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1023172 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/37004 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/59912 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/507822/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/37178 | third-party-advisoryx_refsource_SECUNIA |
| http://www.secureworks.com/ctu/advisories/SWRX-2009-002 | x_refsource_MISC |
Date Public
2009-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005"
},
{
"name": "ADV-2009-3226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"name": "1023172",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023172"
},
{
"name": "37004",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37004"
},
{
"name": "nsm-httponly-session-hijacking(54251)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54251"
},
{
"name": "59912",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/59912"
},
{
"name": "20091111 [SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507822/100/0/threaded"
},
{
"name": "37178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005"
},
{
"name": "ADV-2009-3226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"name": "1023172",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023172"
},
{
"name": "37004",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37004"
},
{
"name": "nsm-httponly-session-hijacking(54251)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54251"
},
{
"name": "59912",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/59912"
},
{
"name": "20091111 [SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507822/100/0/threaded"
},
{
"name": "37178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005"
},
{
"name": "ADV-2009-3226",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"name": "1023172",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023172"
},
{
"name": "37004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37004"
},
{
"name": "nsm-httponly-session-hijacking(54251)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54251"
},
{
"name": "59912",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/59912"
},
{
"name": "20091111 [SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507822/100/0/threaded"
},
{
"name": "37178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37178"
},
{
"name": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002",
"refsource": "MISC",
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3566",
"datePublished": "2009-11-13T15:00:00.000Z",
"dateReserved": "2009-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:31:10.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}