Description
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt, related to a "Logout Failure" issue.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10020
Scores
EPSS
0.0049
EPSS Percentile
65.9%
Details
CWE
CWE-287
Status
published
Products (4)
mcafee/email_and_web_security
5.0
mcafee/email_and_web_security
5.5
mcafee/email_and_web_security
5.6
mcafee/email_gateway
7.0
Published
Aug 22, 2012
Tracked Since
Feb 18, 2026