CVE-2017-3935 — Sensitive Information Exposure in Network Data Loss Prevention

CWE-200 — Sensitive Information Exposure2 documents2 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 51.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Network Data Loss Prevention

Timeline

PublishedOct 31

Latest updateMay 17

Description

Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDmcafee/network_data_loss_prevention9.3.0

▶CVEListV5mcafee/network_data_loss_prevention9.3.X

🔴Vulnerability Details

GHSA

GHSA-6v3c-3xhp-9hj9: Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the resp↗2022-05-17

▶