Vulnerability Description
Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Epolicy Orchestrator | 4.0 |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/264092Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/75020
- http://www.securitytracker.com/id/1032571
- https://kc.mcafee.com/corporate/index?page=content&id=KB84628PatchVendor Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10120PatchVendor Advisory
- http://www.kb.cert.org/vuls/id/264092Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/75020
- http://www.securitytracker.com/id/1032571
- https://kc.mcafee.com/corporate/index?page=content&id=KB84628PatchVendor Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10120PatchVendor Advisory
FAQ
What is CVE-2015-2859?
CVE-2015-2859 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows ma...
How severe is CVE-2015-2859?
CVE-2015-2859 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2859?
Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Epolicy Orchestrator.