Vulnerability-Lookup

CVE-2019-3644 (GCVE-0-2019-3644)

Vulnerability from cvelistv5 – Published: 2019-09-11 14:08 – Updated: 2024-09-17 01:11

Title

MWG scanners updated to address CVE-2019-9517

Summary

McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Denial of Service

Assigner

trellix

References

URL

	Vendor	Product	Version
	McAfee, LLC	McAfee Web Gateway (MWG)	Affected: 7.8.2.13 , < 7.8.2.13 (custom)

CNVD-2019-41491

Vulnerability from cnvd - Published: 2019-11-19

Title

McAfee Web Gateway (MWG)拒绝服务漏洞（CNVD-2019-41491）

Description

McAfee Web Gateway是高性能安全Web网关,采用一个统一的设备软件架构,具有同类最佳的威胁防护。 McAfee Web Gateway (MWG) 7.8.2.13之前版本的扫描代理存在拒绝服务漏洞。远程攻击者可利用该漏洞导致拒绝服务。

Severity

中

Patch Name

McAfee Web Gateway (MWG)拒绝服务漏洞（CNVD-2019-41491）的补丁

Patch Description

McAfee Web Gateway是高性能安全Web网关,采用一个统一的设备软件架构,具有同类最佳的威胁防护。 McAfee Web Gateway (MWG) 7.8.2.13之前版本的扫描代理存在拒绝服务漏洞。远程攻击者可利用该漏洞导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://kc.mcafee.com/corporate/index?page=content&id=SB10296

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-3644

Impacted products

Name
Mcafee McAfee Web Gateway <7.8.2.13

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-3644",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-3644"
    }
  },
  "description": "McAfee Web Gateway\u662f\u9ad8\u6027\u80fd\u5b89\u5168Web\u7f51\u5173,\u91c7\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u8bbe\u5907\u8f6f\u4ef6\u67b6\u6784,\u5177\u6709\u540c\u7c7b\u6700\u4f73\u7684\u5a01\u80c1\u9632\u62a4\u3002\n\nMcAfee Web Gateway (MWG) 7.8.2.13\u4e4b\u524d\u7248\u672c\u7684\u626b\u63cf\u4ee3\u7406\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-41491",
  "openTime": "2019-11-19",
  "patchDescription": "McAfee Web Gateway\u662f\u9ad8\u6027\u80fd\u5b89\u5168Web\u7f51\u5173,\u91c7\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u8bbe\u5907\u8f6f\u4ef6\u67b6\u6784,\u5177\u6709\u540c\u7c7b\u6700\u4f73\u7684\u5a01\u80c1\u9632\u62a4\u3002\r\n\r\nMcAfee Web Gateway (MWG) 7.8.2.13\u4e4b\u524d\u7248\u672c\u7684\u626b\u63cf\u4ee3\u7406\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "McAfee Web Gateway (MWG)\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2019-41491\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Mcafee McAfee Web Gateway \u003c7.8.2.13"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-3644",
  "serverity": "\u4e2d",
  "submitTime": "2019-09-12",
  "title": "McAfee Web Gateway (MWG)\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2019-41491\uff09"
}

FKIE_CVE-2019-3644

Vulnerability from fkie_nvd - Published: 2019-09-11 15:15 - Updated: 2024-11-21 04:42

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.

References

	URL	Tags
	trellixpsirt@trellix.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10296
	af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10296

Impacted products

Vendor	Product	Version
mcafee	active_response	1.0.0
mcafee	active_response	1.1.0
mcafee	active_response	2.0
mcafee	active_response	2.0.1
mcafee	active_response	2.1
mcafee	active_response	2.2
mcafee	active_response	2.3
mcafee	active_response	2.4
mcafee	advanced_threat_defense	4.0
mcafee	advanced_threat_defense	4.2
mcafee	advanced_threat_defense	4.4
mcafee	advanced_threat_defense	4.6
mcafee	enterprise_security_manager	10.2.0
mcafee	enterprise_security_manager	10.3.4
mcafee	enterprise_security_manager	10.4.0
mcafee	enterprise_security_manager	11.0.0
mcafee	enterprise_security_manager	11.1.0
mcafee	enterprise_security_manager	11.1.1
mcafee	enterprise_security_manager	11.1.2
mcafee	enterprise_security_manager	11.1.3
mcafee	enterprise_security_manager	11.2.0
mcafee	web_gateway	*
mcafee	web_gateway	*
mcafee	web_gateway	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:active_response:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D84C7BA1-9DDC-4EC1-AE5E-C037CFE8D8F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:active_response:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AECD820D-0433-410A-AED5-46F2CB6BE911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:active_response:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5209C02C-3C70-4830-B0A3-C64D79DC5A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:active_response:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05BAC6A6-DF1E-4376-B9CF-05F40F745ED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:active_response:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C790D75-4B4B-4FDC-965D-0FB63F99797E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:active_response:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB28220-53E3-4BEC-9DE4-F57D641E202A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:active_response:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E8E6BD8-3E75-424D-8B05-B09D3650565B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:active_response:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2EACF29-7767-434F-94BD-7B2F95C69C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:advanced_threat_defense:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B77E862-D629-42CC-B8D9-53FB797C678D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:advanced_threat_defense:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "86D15C17-0E8F-4AE8-A120-DFBF23E87FF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:advanced_threat_defense:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAFF84E7-8137-44CE-912C-5F3D4CDBEA58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:advanced_threat_defense:4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5471CB75-40E0-4A48-A3BA-68E7623E6BDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12E31BFB-141E-4B03-A771-5ED37D79F5DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager:10.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8A9A863-DE4A-464D-A95D-F64876607B9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager:10.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F2E6B6-6887-43D1-A4B6-366E855E118B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "941E2766-3FA7-46C1-A912-C25E1FBFC532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA0E7A4F-FE75-4AA8-A687-5453E8044305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "020FFFB9-5900-4BED-95AC-03E70835D59F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager:11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "69D535AD-3802-449B-8A1B-FCD052687603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager:11.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC652A9C-112C-4FCF-9CB3-21AECF9CAAF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:enterprise_security_manager:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "34F344E3-FB8C-418F-80F4-D24971F624E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E9856-2748-4A8B-91F5-A4DB3C8C547A",
              "versionEndExcluding": "7.7.2.24",
              "versionStartIncluding": "7.7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C824161-E723-44FC-AED9-808787FF5823",
              "versionEndExcluding": "7.8.2.13",
              "versionStartIncluding": "7.8.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BAFC518-9D1C-4D93-8E87-A01F4B9BF71F",
              "versionEndExcluding": "8.2.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies."
    },
    {
      "lang": "es",
      "value": "McAfee Web Gateway (MWG) versiones anteriores a 7.8.2.13, es vulnerable para un atacante remoto que explota el CVE-2019-9517, conllevando potencialmente a una denegaci\u00f3n de servicio. Esto afecta los proxies de escaneo."
    }
  ],
  "id": "CVE-2019-3644",
  "lastModified": "2024-11-21T04:42:17.290",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "trellixpsirt@trellix.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-11T15:15:11.763",
  "references": [
    {
      "source": "trellixpsirt@trellix.com",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
    }
  ],
  "sourceIdentifier": "trellixpsirt@trellix.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2019-3644

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.

Aliases

CVE-2019-3644

Aliases

CVE-2019-3644

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-3644",
    "description": "McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.",
    "id": "GSD-2019-3644"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-3644"
      ],
      "details": "McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.",
      "id": "GSD-2019-3644",
      "modified": "2023-12-13T01:24:04.854009Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "AKA": "",
        "ASSIGNER": "psirt@mcafee.com",
        "DATE_PUBLIC": "",
        "ID": "CVE-2019-3644",
        "STATE": "PUBLIC",
        "TITLE": "MWG scanners updated to address CVE-2019-9517"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "McAfee Web Gateway (MWG)",
                    "version": {
                      "version_data": [
                        {
                          "platform": "",
                          "version_affected": "\u003c",
                          "version_name": "7.8.2.13",
                          "version_value": "7.8.2.13"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "McAfee, LLC"
            }
          ]
        }
      },
      "configuration": [],
      "credit": [],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies."
          }
        ]
      },
      "exploit": [],
      "generator": {
        "engine": "Vulnogram 0.0.8"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of Service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296",
            "refsource": "CONFIRM",
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
          }
        ]
      },
      "solution": [],
      "source": {
        "advisory": "",
        "defect": [],
        "discovery": "EXTERNAL"
      },
      "work_around": []
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:advanced_threat_defense:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:advanced_threat_defense:4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:active_response:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:active_response:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:enterprise_security_manager:10.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:enterprise_security_manager:11.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:enterprise_security_manager:11.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:advanced_threat_defense:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:active_response:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:active_response:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:enterprise_security_manager:10.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:enterprise_security_manager:11.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:enterprise_security_manager:11.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:enterprise_security_manager:11.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:active_response:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:active_response:2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.7.2.24",
                "versionStartIncluding": "7.7.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.8.2.13",
                "versionStartIncluding": "7.8.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:enterprise_security_manager:10.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:enterprise_security_manager:11.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:advanced_threat_defense:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:active_response:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:active_response:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.2.0",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "ID": "CVE-2019-3644"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-03-31T17:42Z",
      "publishedDate": "2019-09-11T15:15Z"
    }
  }
}

CVE-2019-3644

Vulnerability from fstec - Published: 11.09.2019

Title

Уязвимость веб-шлюза McAfee Web Gateway, связанная с ошибками в коде, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость веб-шлюза McAfee Web Gateway связана с ошибками в коде. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

McAfee Inc.

Software Name

Enterprise Security Manager, McAfee Active Response (MAR), McAfee Advanced Threat Defense, Web Gateway

Software Version

11.1.3 (Enterprise Security Manager), 11.1.2 (Enterprise Security Manager), 11.1.1 (Enterprise Security Manager), 11.1.0 (Enterprise Security Manager), 11.0.0 (Enterprise Security Manager), 10.3.4 (Enterprise Security Manager), 1.0.0 (McAfee Active Response (MAR)), 1.1.0 (McAfee Active Response (MAR)), 2.0 (McAfee Active Response (MAR)), 2.0.1 (McAfee Active Response (MAR)), 2.1 (McAfee Active Response (MAR)), 2.2 (McAfee Active Response (MAR)), 2.3 (McAfee Active Response (MAR)), 2.4 (McAfee Active Response (MAR)), 4.0 (McAfee Advanced Threat Defense), 4.2 (McAfee Advanced Threat Defense), 4.4 (McAfee Advanced Threat Defense), 4.6 (McAfee Advanced Threat Defense), от 7.7.2.0 до 7.7.2.24 (Web Gateway), от 7.8.2 до 7.8.2.13 (Web Gateway), от 8.0.0 до 8.2.0 (Web Gateway), 10.2.0 (Enterprise Security Manager), 10.4.0 (Enterprise Security Manager), 11.2.0 (Enterprise Security Manager)

Possible Mitigations

Использование рекомендаций производителя: https://www.mcafee.com/support/?page=content&id=SB10296

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-3644 https://kc.mcafee.com/corporate/index?pagecontentidSB10296

CWE

CWE-17

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "McAfee Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11.1.3 (Enterprise Security Manager), 11.1.2 (Enterprise Security Manager), 11.1.1 (Enterprise Security Manager), 11.1.0 (Enterprise Security Manager), 11.0.0 (Enterprise Security Manager), 10.3.4 (Enterprise Security Manager), 1.0.0 (McAfee Active Response (MAR)), 1.1.0 (McAfee Active Response (MAR)), 2.0 (McAfee Active Response (MAR)), 2.0.1 (McAfee Active Response (MAR)), 2.1 (McAfee Active Response (MAR)), 2.2 (McAfee Active Response (MAR)), 2.3 (McAfee Active Response (MAR)), 2.4 (McAfee Active Response (MAR)), 4.0 (McAfee Advanced Threat Defense), 4.2 (McAfee Advanced Threat Defense), 4.4 (McAfee Advanced Threat Defense), 4.6 (McAfee Advanced Threat Defense), \u043e\u0442 7.7.2.0 \u0434\u043e 7.7.2.24 (Web Gateway), \u043e\u0442 7.8.2 \u0434\u043e 7.8.2.13 (Web Gateway), \u043e\u0442 8.0.0 \u0434\u043e 8.2.0 (Web Gateway), 10.2.0 (Enterprise Security Manager), 10.4.0 (Enterprise Security Manager), 11.2.0 (Enterprise Security Manager)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: \nhttps://www.mcafee.com/support/?page=content\u0026id=SB10296",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.09.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.12.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.12.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-08339",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-3644",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Enterprise Security Manager, McAfee Active Response (MAR), McAfee Advanced Threat Defense, Web Gateway",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0448\u043b\u044e\u0437\u0430 McAfee Web Gateway, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432 \u043a\u043e\u0434\u0435, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u0434 (CWE-17)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0448\u043b\u044e\u0437\u0430 McAfee Web Gateway \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432 \u043a\u043e\u0434\u0435. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0417\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2019-3644 \nhttps://kc.mcafee.com/corporate/index?pagecontentidSB10296",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-17",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

GHSA-94M5-M65Q-7W34

Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2022-05-24 16:55

Details

McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-3644"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-11T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.",
  "id": "GHSA-94m5-m65q-7w34",
  "modified": "2022-05-24T16:55:57Z",
  "published": "2022-05-24T16:55:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3644"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-3644 (GCVE-0-2019-3644)

CNVD-2019-41491

FKIE_CVE-2019-3644

GSD-2019-3644

CVE-2019-3644

GHSA-94M5-M65Q-7W34

Tags

Sightings

Nomenclature