Search criteria
6 vulnerabilities found for intrushield_network_security_manager by mcafee
CVE-2009-3566 (GCVE-0-2009-3566)
Vulnerability from nvd – Published: 2009-11-13 15:00 – Updated: 2024-08-07 06:31
VLAI
Summary
McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/3226 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1023172 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/37004 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/59912 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/507822/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/37178 | third-party-advisoryx_refsource_SECUNIA |
| http://www.secureworks.com/ctu/advisories/SWRX-2009-002 | x_refsource_MISC |
Date Public
2009-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005"
},
{
"name": "ADV-2009-3226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"name": "1023172",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023172"
},
{
"name": "37004",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37004"
},
{
"name": "nsm-httponly-session-hijacking(54251)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54251"
},
{
"name": "59912",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/59912"
},
{
"name": "20091111 [SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507822/100/0/threaded"
},
{
"name": "37178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005"
},
{
"name": "ADV-2009-3226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"name": "1023172",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023172"
},
{
"name": "37004",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37004"
},
{
"name": "nsm-httponly-session-hijacking(54251)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54251"
},
{
"name": "59912",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/59912"
},
{
"name": "20091111 [SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507822/100/0/threaded"
},
{
"name": "37178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005"
},
{
"name": "ADV-2009-3226",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"name": "1023172",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023172"
},
{
"name": "37004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37004"
},
{
"name": "nsm-httponly-session-hijacking(54251)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54251"
},
{
"name": "59912",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/59912"
},
{
"name": "20091111 [SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507822/100/0/threaded"
},
{
"name": "37178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37178"
},
{
"name": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002",
"refsource": "MISC",
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3566",
"datePublished": "2009-11-13T15:00:00.000Z",
"dateReserved": "2009-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:31:10.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3565 (GCVE-0-2009-3565)
Vulnerability from nvd – Published: 2009-11-13 15:00 – Updated: 2024-08-07 06:31
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1023171 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2009/3226 | vdb-entryx_refsource_VUPEN |
| http://kc.mcafee.com/corporate/index?page=content… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/37003 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/37178 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/507820/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.secureworks.com/ctu/advisories/SWRX-2009-001 | x_refsource_MISC |
| http://www.osvdb.org/59911 | vdb-entryx_refsource_OSVDB |
Date Public
2009-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1023171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023171"
},
{
"name": "ADV-2009-3226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004"
},
{
"name": "37003",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37003"
},
{
"name": "nsm-login-xss(54250)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54250"
},
{
"name": "37178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37178"
},
{
"name": "20091111 [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507820/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001"
},
{
"name": "59911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/59911"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1023171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023171"
},
{
"name": "ADV-2009-3226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004"
},
{
"name": "37003",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37003"
},
{
"name": "nsm-login-xss(54250)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54250"
},
{
"name": "37178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37178"
},
{
"name": "20091111 [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507820/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001"
},
{
"name": "59911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/59911"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1023171",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023171"
},
{
"name": "ADV-2009-3226",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"name": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004",
"refsource": "CONFIRM",
"url": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004"
},
{
"name": "37003",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37003"
},
{
"name": "nsm-login-xss(54250)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54250"
},
{
"name": "37178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37178"
},
{
"name": "20091111 [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507820/100/0/threaded"
},
{
"name": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001",
"refsource": "MISC",
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001"
},
{
"name": "59911",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/59911"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3565",
"datePublished": "2009-11-13T15:00:00.000Z",
"dateReserved": "2009-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:31:10.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2009-3565
Vulnerability from fkie_nvd - Published: 2009-11-13 15:30 - Updated: 2026-04-23 00:35
Severity
Summary
Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mcafee | intrushield_network_security_manager | * | |
| mcafee | intrushield_network_security_manager | 5.1.7.7 | |
| mcafee | intrushield_network_security_manager | 5.1.7.73 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:intrushield_network_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2D5500-7A6A-47AF-B8C8-F61C9D43B153",
"versionEndIncluding": "5.1.7.74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:intrushield_network_security_manager:5.1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17C7524D-EEA2-45D9-B741-B9B02224A3FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:intrushield_network_security_manager:5.1.7.73:*:*:*:*:*:*:*",
"matchCriteriaId": "5EE964A5-98D2-4690-90C3-89B91B1434E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en intruvert/jsp/module/Login.jsp en McAfee IntruShield Network Security Manager (NSM) en versiones anteriores a la 5.1.11.6 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) iaction o (2) node."
}
],
"id": "CVE-2009-3565",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-11-13T15:30:00.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37178"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023171"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/59911"
},
{
"source": "cve@mitre.org",
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/507820/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37003"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/59911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507820/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54250"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-3566
Vulnerability from fkie_nvd - Published: 2009-11-13 15:30 - Updated: 2026-04-23 00:35
Severity
Summary
McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mcafee | intrushield_network_security_manager | * | |
| mcafee | intrushield_network_security_manager | 5.1.7.7 | |
| mcafee | intrushield_network_security_manager | 5.1.7.73 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:intrushield_network_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2D5500-7A6A-47AF-B8C8-F61C9D43B153",
"versionEndIncluding": "5.1.7.74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:intrushield_network_security_manager:5.1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17C7524D-EEA2-45D9-B741-B9B02224A3FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:intrushield_network_security_manager:5.1.7.73:*:*:*:*:*:*:*",
"matchCriteriaId": "5EE964A5-98D2-4690-90C3-89B91B1434E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability."
},
{
"lang": "es",
"value": "McAfee IntruShield Network Security Manager (NSM) en versiones anteriores a la 5.1.11.8.1 no incluye la bandera (flag) HTTPOnly en la cabecera Set-Cookie para la identificaci\u00f3n de la sesi\u00f3n, lo que permite a atacantes remotos secuestrar una sesi\u00f3n aprovechando una vulnerabilidad de secuencias de comandos en sitios cruzados (XSS)."
}
],
"id": "CVE-2009-3566",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-11-13T15:30:00.717",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37178"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023172"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/59912"
},
{
"source": "cve@mitre.org",
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/507822/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37004"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54251"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/59912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507822/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2009-3566 (GCVE-0-2009-3566)
Vulnerability from cvelistv5 – Published: 2009-11-13 15:00 – Updated: 2024-08-07 06:31
VLAI
Summary
McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/3226 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1023172 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/37004 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/59912 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/507822/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/37178 | third-party-advisoryx_refsource_SECUNIA |
| http://www.secureworks.com/ctu/advisories/SWRX-2009-002 | x_refsource_MISC |
Date Public
2009-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005"
},
{
"name": "ADV-2009-3226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"name": "1023172",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023172"
},
{
"name": "37004",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37004"
},
{
"name": "nsm-httponly-session-hijacking(54251)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54251"
},
{
"name": "59912",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/59912"
},
{
"name": "20091111 [SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507822/100/0/threaded"
},
{
"name": "37178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005"
},
{
"name": "ADV-2009-3226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"name": "1023172",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023172"
},
{
"name": "37004",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37004"
},
{
"name": "nsm-httponly-session-hijacking(54251)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54251"
},
{
"name": "59912",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/59912"
},
{
"name": "20091111 [SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507822/100/0/threaded"
},
{
"name": "37178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10005"
},
{
"name": "ADV-2009-3226",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"name": "1023172",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023172"
},
{
"name": "37004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37004"
},
{
"name": "nsm-httponly-session-hijacking(54251)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54251"
},
{
"name": "59912",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/59912"
},
{
"name": "20091111 [SWRX-2009-002] McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507822/100/0/threaded"
},
{
"name": "37178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37178"
},
{
"name": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002",
"refsource": "MISC",
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3566",
"datePublished": "2009-11-13T15:00:00.000Z",
"dateReserved": "2009-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:31:10.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3565 (GCVE-0-2009-3565)
Vulnerability from cvelistv5 – Published: 2009-11-13 15:00 – Updated: 2024-08-07 06:31
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1023171 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2009/3226 | vdb-entryx_refsource_VUPEN |
| http://kc.mcafee.com/corporate/index?page=content… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/37003 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/37178 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/507820/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.secureworks.com/ctu/advisories/SWRX-2009-001 | x_refsource_MISC |
| http://www.osvdb.org/59911 | vdb-entryx_refsource_OSVDB |
Date Public
2009-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1023171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023171"
},
{
"name": "ADV-2009-3226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004"
},
{
"name": "37003",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37003"
},
{
"name": "nsm-login-xss(54250)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54250"
},
{
"name": "37178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37178"
},
{
"name": "20091111 [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507820/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001"
},
{
"name": "59911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/59911"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1023171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023171"
},
{
"name": "ADV-2009-3226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004"
},
{
"name": "37003",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37003"
},
{
"name": "nsm-login-xss(54250)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54250"
},
{
"name": "37178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37178"
},
{
"name": "20091111 [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507820/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001"
},
{
"name": "59911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/59911"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1023171",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023171"
},
{
"name": "ADV-2009-3226",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3226"
},
{
"name": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004",
"refsource": "CONFIRM",
"url": "http://kc.mcafee.com/corporate/index?page=content\u0026id=SB10004"
},
{
"name": "37003",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37003"
},
{
"name": "nsm-login-xss(54250)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54250"
},
{
"name": "37178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37178"
},
{
"name": "20091111 [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507820/100/0/threaded"
},
{
"name": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001",
"refsource": "MISC",
"url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001"
},
{
"name": "59911",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/59911"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3565",
"datePublished": "2009-11-13T15:00:00.000Z",
"dateReserved": "2009-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:31:10.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}