| Field | Value |
|---|---|
| VID | 22069 |
| Severity | 30 |
| Port | 6515 |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The host runs McAfee's myCIO HTTP Server, which is vulnerable to directory traversal. The server provides neighbouring PCs on the network with antivirus updates. To facilitate this service, a "McAfee Agent" process runs on each system and hosts a small webserver that serves a limited set of files through TCP port 6515. This webserver is intentionally limited to serving files within \winnt\mycio\agent\rmrcache. However, the service is vulnerable to directory traversal attacks, allowing a remote user to successfully request files from outside this directory scope. By submitting a properly structured URL incorporating '.../' sequences, a user can ascend from the normally permitted directory tree and read files from any location on the host filesystem. This could allow an attacker to obtain potentially sensitive or confidential information, which, if properly exploited, could be used to further undermine security on the host. |
| Recommendation | Configure your firewall to block access to TCP port 6515. Use the Auto Update feature of McAfee's myCIO to get the latest version. |
| Related URL | CVE-2001-1144 (CVE) |
| Related URL | 3020 (SecurityFocus) |
| Related URL | 6834 (ISS) |
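
A detection sketch for the '.../' request pattern described above, added here as an example and not part of the original record or of any McAfee tooling. The log line shape, the function names `dot_run_segments` and `flag_requests`, and the sample lines are assumptions constructed for illustration; the check also generalizes to '..' segments and percent-encoded forms.

```python
import re
from urllib.parse import unquote

# Assumed generic access-log shape: client ... "METHOD path PROTO" status
LINE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
DOT_RUN = re.compile(r"^\.{2,}$")  # a whole segment of '..', '...', '....'

def dot_run_segments(raw_path, max_rounds=3):
    """Return path segments made only of two or more dots, after URL decoding."""
    path = raw_path.split("?", 1)[0]      # ignore the query string
    for _ in range(max_rounds):           # undo nested percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Split on both separators, since the server runs on Windows.
    return [s for s in re.split(r"[/\\]+", path) if DOT_RUN.match(s)]

def flag_requests(lines):
    """Return (client, path, status) for requests containing dot-run segments."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if m and dot_run_segments(m["path"]):
            hits.append((m["client"], m["path"], int(m["status"])))
    return hits

# Constructed sample lines (not real traffic); example.txt is a placeholder name.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2001:10:00:00 +0000] "GET /update/file.dat HTTP/1.0" 200 512',
    '10.0.0.9 - - [01/Jan/2001:10:00:05 +0000] "GET /.../.../example.txt HTTP/1.0" 200 120',
    '10.0.0.9 - - [01/Jan/2001:10:00:06 +0000] "GET /%2e%2e%2e/%2e%2e%2e/example.txt HTTP/1.0" 404 0',
    '10.0.0.9 - - [01/Jan/2001:10:00:07 +0000] "GET /%252e%252e%252e/example.txt HTTP/1.0" 404 0',
    '10.0.0.7 - - [01/Jan/2001:10:00:09 +0000] "GET /files/v1...2/readme.txt HTTP/1.0" 200 64',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

A flagged request with a 200 status is the case to triage first, since it indicates the server returned content for a path containing a dot-run segment.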