Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2014.0101 Web Gateway update fixes information disclosure vulnerability 3 September 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: McAfee Web Gateway Operating System: Network Appliance Impact/Access: Access Privileged Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2014-6064 Member content until: Friday, October 3 2014 OVERVIEW A vulnerability has been identified in McAfee Web Gateway (MWG) prior to MWG 7.4.1 and MWG 7.3.8. [1] IMPACT The vendor has provided the following information regarding this vulnerability: CVE-2014-6064: " Possible disclosure of cryptographically hashed administrative passwords to any single account with permissions to view the Accounts tab. Affected Component: The administrative user interface". [1] MITIGATION The vendor recommends updating to McAfee Web Gateway versions 7.3.2.9 and 7.4.2. [1] REFERENCES [1] McAfee Security Bulletin - Web Gateway update fixes information disclosure vulnerability https://kc.mcafee.com/corporate/index?page=content&id=SB10080 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVAenwBLndAQH1ShLAQIsnQ//T77ZEaOjeAsfWkUL0Y1eY3vOWN/QyFQA Nl6Faz7L0Qkv0U0qAhwJlIkF/0zgml1LtME97IQzTtNgDfJmULcgMBIfz9gF+cRB VP6B3b4qCJJsFAjHo9f/Ivm75Nh2SvTuPQNLgzPOAAEFWj5NIzyH97wiWgo4QcV2 jm9ZVSikpEZDWOBaHjVBg6bZBJZvPkzVhXrx2aP9DkanTMiwifBLuAR3yZTSgcyh /qFtqjBJmAyp4awtcM2I3loZE5M/MnA+O7xP+g5lDIy61oOzRtg+ZXvBLDbV3AKG tuQlPH3fl3fu2WNjhFgvU0GZl7wamSUIhTzNvYQay8PHhgGOWpCDBpgTtTI1GoDn 5+0DvjtD1a3CRNR6rJRP42bqzjCYY82bVDkitXNaCFzQWtm/AIJUHOQHgik0naSS 7enV8ehhFeQLqp/it0klXIzJ7c0OTBF3o0rXNLcF9d8z3Dumxm3+s8clgWb7u6o9 waQkhYa1vX+8ZxYiWKPDIAhIufhLshn+yO283Yih4FeCRZ5abAeczye75N+qUZoy DKD0JBlQh6zwz64Ximk6+StnrrRpsEOv4wPCZHYx9NvyzyF2Cb4/PW+lPvPPrsi6 wpdekGwWSvUjFYTBcEAVmcAuWoZ0Yi+0SJEDqkFYVgZsDWEegTU4CVW37OBirFO9 DYtcIxLDI3s= =PHFT -----END PGP SIGNATURE-----