CVE-2004-0038

Description

McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81.

Affected products

• McAfee / epolicy_orchestrator2.5 – 2.5
• McAfee / epolicy_orchestrator2.5 – 2.5
• McAfee / epolicy_orchestrator2.5.1 – 2.5.1
• McAfee / epolicy_orchestrator3.0 – 3.0
• McAfee / epolicy_orchestrator3.0 – 3.0

References

• MISChttp://www.osvdb.org/5626
• MISChttp://www.securityfocus.com/bid/10200
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/14166
• MISChttp://download.nai.com/products/patches/ePO/v2.x/Patch14.txt
• MISChttp://xforce.iss.net/xforce/alerts/id/173