vendor:
EPO Framework Service
by:
Mati Aharoni
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: EPO Framework Service
Affected Version From: 4
Affected Version To: 4
Patch Exists: Yes
Related CWE: N/A
CPE: a:mcafee:epo_framework_service
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Windows
2008
Mcafee EPO 4.0 (and others) FrameworkService.exe DOS
A denial of service vulnerability exists in McAfee EPO 4.0 (and others) FrameworkService.exe. An attacker can send a specially crafted HTTP request with a large number of 'B' characters followed by a valid HTTP request to trigger this vulnerability. This will cause the service to crash, resulting in a denial of service condition.
Mitigation:
Upgrade to the latest version of McAfee EPO 4.0 (and others) FrameworkService.exe