Info

Disclosure

Jan 29, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

McAfee ePolicy Orchestrator contains a flaw that may allow a remote denial of service. The issue is triggered when McAfee ePolicy Orchestrator recieves a HTTP POST request containing an invalid value in the "Content-Length:" header occurs, and will result in loss of availability for the the Orchestrator Agent.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Commercial
Disclosure: OSVDB Verified
OSVDB: Security Software

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, McAfee has released a patch to address this vulnerability.

Products

McAfee, Inc.	ePolicy Orchestrator	2.5.1
		3.0 SP1

References

Secunia Advisory ID: 10742
CVE ID: 2004-0095 (see also: NVD)
Bugtraq ID: 9476
Keyword: ePO Network Associates Patch EPO3013
Vendor Specific Solution URL: http://download.nai.com/products/patches/ePO/v2.x/EPO25113.Zip
http://download.nai.com/products/patches/ePO/v3.1.0/EPO3013.zip
Generic Exploit URL: http://immunitysec.com

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/3744

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

McAfee, Inc.

ePolicy Orchestrator

References

Credit