CVE-2014-2588

McAfee Asset Manager 6.6 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2588. PoCs published by Brandon Perry.

AI-analyzed exploit summary The document describes multiple vulnerabilities in McAfee Asset Manager v6.6, including an authenticated arbitrary file read via directory traversal and an authenticated SQL injection via the 'user' parameter in the audit report functionality. It provides technical details and example HTTP requests for exploitation.

Description

Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter.

Exploits (1)

exploitdb WRITEUP

by Brandon Perry · textwebappsjsp

https://www.exploit-db.com/exploits/32368

View Code ZIP pw:eip

The document describes multiple vulnerabilities in McAfee Asset Manager v6.6, including an authenticated arbitrary file read via directory traversal and an authenticated SQL injection via the 'user' parameter in the audit report functionality. It provides technical details and example HTTP requests for exploitation.

Classification

Writeup 90%

Attack Type

Sqli | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: McAfee Asset Manager v6.6

Auth required

Prerequisites: Authenticated access to the McAfee Asset Manager web interface

MITRE ATT&CK