Missing HTTP Strict Transport Security in McAfee Network Data Loss Prevention
CVE-2017-3934

5.9MEDIUM

Key Information:

Vendor: Mcafee
Status: Network Data Loss Prevention
Vendor: CVE Published:; 31 October 2017

Summary

The vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x involves a missing HTTP Strict Transport Security (HSTS) state information. This flaw allows an attacker to conduct man-in-the-middle attacks, potentially exposing sensitive data by gaining unauthorized access to files read from the webserver. Organizations using the affected version should prioritize patching this vulnerability to mitigate the risks associated with improper handling of sensitive information.

Affected Version(s)

Network Data Loss Prevention 9.3.X

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101695

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2017
Vulnerability Reserved
Dec 26, 2016