Vulnerability Note VU#842452
McAfee HTTP Server vulnerable to buffer overflow
A stack-based buffer overflow exists in the McAfee HTTP server that may allow a remote, unauthenticated attacker to execute arbitrary code.
The McAfee HTTP server (NAISERV.exe) is used in McAfee products, such as McAfee ePolicy Orchestrator and Protection Pilot. The McAfee HTTP Server is vulnerable to a stack-based buffer overflow that can be triggered by sending the server a malformed HTTP packet.
More information is available in McAfee Security Bulletin 8611438.
A remote, unauthenticated attacker may be able to execute arbitrary code.
Apply a patch
Limit Access to the McAfee HTTP Server
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|McAfee||Affected||-||04 Oct 2006|
CVSS Metrics (Learn More)
This issue was reported by muts.
This document was written by Jeff Gennari.
- CVE IDs: Unknown
- Date Public: 02 Oct 2006
- Date First Published: 05 Oct 2006
- Date Last Updated: 05 Oct 2006
- Severity Metric: 18.56
- Document Revision: 14
If you have feedback, comments, or additional information about this vulnerability, please send us email.