CVE-2012-4581

Name of the Vulnerable Software and Affected Versions McAfee Email and Web Security (EWS) versions 5.x through 5.5 before Patch 6 McAfee Email and Web Security (EWS) version 5.6 before Patch 3 McAfee Email Gateway (MEG) versions 7.0 before Patch 1

Description The issue is related to a "Logout Failure" where the server-side session token is not disabled upon closing the Management Console/Dashboard. This makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt.

Recommendations For McAfee Email and Web Security (EWS) versions 5.x through 5.5 before Patch 6, apply Patch 6 to resolve the issue. For McAfee Email and Web Security (EWS) version 5.6 before Patch 3, apply Patch 3 to resolve the issue. For McAfee Email Gateway (MEG) versions 7.0 before Patch 1, apply Patch 1 to resolve the issue.