| VID |
23044 |
| Severity |
40 |
| Port |
8081 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Windows system is running ePolicy orchestrator.
ePolicy Orchestrator, developed by McAfee, is an antivirus program management tool for Microsoft Windows operating systems. ePolicy Orchestrator versions 2.0, 2.5, 2.5.1, and 3.0 are vulnerable to multiple vulnerabilities. By exploiting these vulnerabilities, a remote attacker could execute arbitrary code on the affected system.
ePolicy Orchestrator 2.0, 2.5 and 2.5.1 have the following vulnerabilities:
CAN-2003-0148 ePolicy Orchestrator MSDE SA Account Compromise
CAN-2003-0149 ePolicy Orchestrator 2.x Post Parameters Heap Overflow
CAN-2003-0616 ePolicy Orchestrator 2.x Computerlist format string
ePolicy Orchestrator 3.0 has the following vulnerabilities:
CAN-2003-0148 ePolicy Orchestrator MSDE SA Account Compromise
CAN-2003-0610 ePolicy Orchestrator 3.0 Agent Directory Traversal
* Note: This check doesn't perform an actually test to assess this vulnerability but solely relied on the presence of ePolicy Orchestrator for the remote server, so this might be a false positive. If you have already applied all released security patches for the vulnerabilities mentioned above, then please ignore this alert
* References:
http://www.atstake.com/research/advisories/2003/a073103-1.txt
* Platforms Affected:
Windows Any version
ePolicy Orchestrator 2.0
ePolicy Orchestrator 2.5
ePolicy Orchestrator 2.5.1
ePolicy Orchestrator 3.0 |
| Recommendation |
Apply the appropriate patches for your system, as listed in Network Associates Security Bulletin 07/31/03 at http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp |
| Related URL |
CVE-2003-0148,CVE-2003-0149,CVE-2003-0610,CVE-2003-0616 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
12787,12788,12789 (ISS) |
|
