Back to search
CVE-2012-4581
Published: Aug 22, 2012
Modified: Sep 17, 2024
PUBLISHED
Description
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt, related to a "Logout Failure" issue.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10020
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now