Severity: : Critical
  CVE Kennungen: : CVE-2006-5156
  Advisory Date: 21 de lipca de 2015

  DESCRIPTION

Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.

  INFORMATION EXPOSURE

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1000797
  Trend Micro Deep Security DPI Rule Name: 1000797 - McAfee HTTP Server Remote Buffer Overflow

  AFFECTED SOFTWARE AND VERSION:

  • McAfee ProtectionPilot 1.1.1
  • McAfee ePolicy Orchestrator 3.0
  • McAfee ePolicy Orchestrator 3.0 SP2a
  • McAfee ePolicy Orchestrator 3.5.0