CVE-2017-3934

{"id": "CVE-2017-3934", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2017-10-31T14:29:00.383", "references": [{"url": "http://www.securityfocus.com/bid/101695", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@intel.com"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10198", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}, {"url": "http://www.securityfocus.com/bid/101695", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10198", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver."}, {"lang": "es", "value": "Una vulnerabilidad de falta de informaci\u00f3n de estado de la seguridad de transporte estricto HTTP en el servidor en versiones 9.3.x de McAfee Network Data Loss Prevention (NDLP) permite que atacantes Man-in-the-Middle (MitM) expongan informaci\u00f3n confidencial mediante archivos de lectura en el servidor web."}], "lastModified": "2024-11-21T03:26:21.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:network_data_loss_prevention:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DABB617F-203F-4074-82D2-B975C15221F3", "versionEndIncluding": "9.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}