cbcvebase.
CVE-2009-3566
published 2009-11-13

CVE-2009-3566: McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier…

PriorityP424medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
4.04%
89.3th percentile
McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.

Affected

3 ranges
VendorProductVersion rangeFixed in
mcafeeintrushield_network_security_manager<= 5.1.7.74
mcafeeintrushield_network_security_manager
mcafeeintrushield_network_security_manager
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.