CVE-2015-2859

Currently unrated

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator
Vendor: CVE Published:; 23 June 2015

Summary

Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

References

http://www.kb.cert.org/vuls/id/264092

third-party-advisoryx_refsource_CERT-VN

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/75020

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jun 23, 2015
Vulnerability Reserved
Apr 3, 2015