Session Hijacking Vulnerability in McAfee IntruShield Network Security Manager
CVE-2009-3566
Key Information:
- Vendor: McAfee
- CVE Published: 13 November 2009
What is CVE-2009-3566?
McAfee IntruShield Network Security Manager (NSM) before version 5.1.11.8.1 is susceptible to session hijacking because it does not set the HTTPOnly flag in the Set-Cookie header for the session identifier. Without that flag, script running in the page can read the session cookie, so an attacker who exploits a cross-site scripting (XSS) vulnerability can more easily steal the cookie and gain unauthorized access to the user's active session. The vulnerability underscores the need to set secure cookie attributes on session cookies.
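
The condition described above can be checked from the defender's side by auditing a response's Set-Cookie headers. The Python below is an added example, not code from McAfee or from the advisory; the session-name pattern and the sample headers are constructed assumptions.

```python
import re

# Assumption: cookie names matching this pattern carry session identifiers.
SESSION_NAME = re.compile(r"sess|sid|auth|token", re.IGNORECASE)


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, attrs); attribute names lowercased."""
    parts = [p.strip() for p in value.split(";")]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def cookies_missing_httponly(raw_headers):
    """Return names of session-like cookies set without the HttpOnly attribute."""
    missing = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        # Attribute names are case-insensitive; a value that merely contains
        # the text "httponly" does not count as the attribute.
        if SESSION_NAME.search(name) and "httponly" not in attrs:
            missing.append(name)
    return missing


# Constructed response headers (not captured from the product).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: JSESSIONID=3f9a1c; Path=/; Secure
Set-Cookie: authToken=abc123; Path=/; secure; httponly
set-cookie: lang=en; Path=/
Set-Cookie: SID=77aa; Path=/app; HTTPONLY; Secure
"""

if __name__ == "__main__":
    for name in cookies_missing_httponly(SAMPLE):
        print(f"session cookie {name!r} is readable by page script (no HttpOnly)")
```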

EPSS Score
5% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved