Details of VAR-201901-0048

ID

VAR-201901-0048

CVE

CVE-2019-3581

TITLE

McAfee Web Gateway Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001398

DESCRIPTION

Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter. McAfee Web Gateway Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. McAfee Web Gateway is prone to a remote denial-of-service vulnerability. Successful exploits of this issue will allow attackers to cause a denial-of-service condition. The following versions are vulnerable: 7.8.2 versions prior to 7.8.2.5 8.0 versions prior to 8.0.2. The product provides features such as threat protection, application control, and data loss prevention. Proxy is one of the proxy components. The proxy component in McAfee MWG 7.8.2.0 and later versions has an input validation vulnerability

Trust: 1.98

sources: NVD: CVE-2019-3581 // JVNDB: JVNDB-2019-001398 // BID: 106796 // VULHUB: VHN-155016

AFFECTED PRODUCTS

vendor:	mcafee	model:	web gateway	scope:	lt	version:	7.8.2.5	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	8.0.2.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	7.8.2.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	8.0.0.0	Trust: 1.0
vendor:	mcafee	model:	web gateway software	scope:	-	version:	-	Trust: 0.8
vendor:	mcafee	model:	web gateway	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.8.2	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	8.0	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.8.2.4	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	ne	version:	8.0.2	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	ne	version:	7.8.2.5	Trust: 0.3

sources: BID: 106796 // JVNDB: JVNDB-2019-001398 // NVD: CVE-2019-3581

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-3581
value:	HIGH
Trust: 1.0
trellixpsirt@trellix.com:	CVE-2019-3581
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-3581
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201901-209
value:	HIGH
Trust: 0.6
VULHUB:	VHN-155016
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-3581
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-155016
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-3581
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-155016 // JVNDB: JVNDB-2019-001398 // CNNVD: CNNVD-201901-209 // NVD: CVE-2019-3581 // NVD: CVE-2019-3581

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-155016 // JVNDB: JVNDB-2019-001398 // NVD: CVE-2019-3581

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-209

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201901-209

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001398

PATCH

title:	SB10264	url:	https://kc.mcafee.com/corporate/index?page=content&id=SB10264	Trust: 0.8
title:	McAfee Web Gateway Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88394	Trust: 0.6

sources: JVNDB: JVNDB-2019-001398 // CNNVD: CNNVD-201901-209

EXTERNAL IDS

db:	NVD	id:	CVE-2019-3581	Trust: 2.8
db:	MCAFEE	id:	SB10264	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-001398	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-209	Trust: 0.7
db:	BID	id:	106796	Trust: 0.3
db:	VULHUB	id:	VHN-155016	Trust: 0.1

sources: VULHUB: VHN-155016 // BID: 106796 // JVNDB: JVNDB-2019-001398 // CNNVD: CNNVD-201901-209 // NVD: CVE-2019-3581

REFERENCES

url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10264	Trust: 1.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3581	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3581	Trust: 0.8
url:	http://www.mcafee.com/	Trust: 0.3
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10264	Trust: 0.1

sources: VULHUB: VHN-155016 // BID: 106796 // JVNDB: JVNDB-2019-001398 // CNNVD: CNNVD-201901-209 // NVD: CVE-2019-3581

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 106796

SOURCES

db:	VULHUB	id:	VHN-155016
db:	BID	id:	106796
db:	JVNDB	id:	JVNDB-2019-001398
db:	CNNVD	id:	CNNVD-201901-209
db:	NVD	id:	CVE-2019-3581

LAST UPDATE DATE

2024-11-23T22:26:05.567000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-155016	date:	2019-10-09T00:00:00
db:	BID	id:	106796	date:	2019-01-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-001398	date:	2019-03-04T00:00:00
db:	CNNVD	id:	CNNVD-201901-209	date:	2019-10-10T00:00:00
db:	NVD	id:	CVE-2019-3581	date:	2024-11-21T04:42:12.717

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-155016	date:	2019-01-09T00:00:00
db:	BID	id:	106796	date:	2019-01-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-001398	date:	2019-03-04T00:00:00
db:	CNNVD	id:	CNNVD-201901-209	date:	2019-01-10T00:00:00
db:	NVD	id:	CVE-2019-3581	date:	2019-01-09T14:29:00.207