CVE-2015-2859
McAfee ePolicy Orchestrator 4.x-4.6.9 and 5.x-5.1.2 - Man-in-the-Middle via Unvalidated X.509 Certificate
Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References (5)
Core References
Third Party Advisory, US Government Resource (third-party-advisory, x_refsource_cert-vn): http://www.kb.cert.org/vuls/id/264092
Patch, Vendor Advisory (x_refsource_confirm): https://kc.mcafee.com/corporate/index?page=content&id=SB10120
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/75020
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1032571
Patch, Vendor Advisory (x_refsource_confirm): https://kc.mcafee.com/corporate/index?page=content&id=KB84628
Scores
EPSS: 0.0026
EPSS Percentile: 49.5%
Details
CWE: CWE-310
Status: published
Products (22)
mcafee/epolicy_orchestrator 4.0
mcafee/epolicy_orchestrator 4.5.0
mcafee/epolicy_orchestrator 4.5.3
mcafee/epolicy_orchestrator 4.5.4
mcafee/epolicy_orchestrator 4.5.5
mcafee/epolicy_orchestrator 4.5.6
mcafee/epolicy_orchestrator 4.5.7
mcafee/epolicy_orchestrator 4.6.0
mcafee/epolicy_orchestrator 4.6.1
mcafee/epolicy_orchestrator 4.6.2
... and 12 more
Published: Jun 23, 2015
Tracked Since: Feb 18, 2026