Path Traversal in Mcafee Web_gateway

CVE-2014-2535

Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.010 (77.0th percentile) — read the EPSS interpretation.

Affected products

Mcafee Web_gateway
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

56958 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
66193 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
mcafee-gateway-filtering-dir-traversal(91772) (VDB Entry, vdb-entry, x_refsource_XF)