Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0127 — Improper Restriction of Operations within the Bounds of a Memory Buffer in E-business Server

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

8.8HIGHNVD

EPSS

24.6%

top 3.86%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mcafee E-business Server

Timeline

PublishedJan 10

Latest updateMay 1

Description

The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.

CVSS vector

AV:N/AC:M/C:N/I:C/A:CExploitability: 8.6 | Impact: 9.2

Affected Packages1 packages

▶NVDmcafee/e-business_server8.5.2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-vv84-p762-v8xx: The administration interface in McAfee E-Business Server 8↗2022-05-01

▶

CVEList

CVE-2008-0127: The administration interface in McAfee E-Business Server 8↗2008-01-10

▶

💥Exploits & PoCs

Exploit-DB

McAfee E-Business Server 8.5.2 - Remote Code Execution / Denial of Service (PoC)↗2008-01-09

▶

📋Vendor Advisories

Red Hat

m2crypto: OpenSSL incorrect checks for malformed signatures↗2009-01-11

▶