CVE-2004-0038

McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81.

Published: Jun 14, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0038
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mcafee / epolicy_orchestrator	2.5.1	2.5.1.x
mcafee / epolicy_orchestrator	3.0	3.0.x
mcafee / epolicy_orchestrator	3.0-sp2a	3.0-sp2a.x
mcafee / epolicy_orchestrator	2.5	2.5.x
mcafee / epolicy_orchestrator	2.5-sp1	2.5-sp1.x

http://download.nai.com/products/patches/ePO/v2.x/Patch14.txt
http://www.osvdb.org/5626
http://www.securityfocus.com/bid/10200
http://xforce.iss.net/xforce/alerts/id/173
https://exchange.xforce.ibmcloud.com/vulnerabilities/14166

Vulnerability Database

289,599

CVE-2004-0038