CVE-2017-4011

Name of the Vulnerable Software and Affected Versions McAfee Network Data Loss Prevention (NDLP) versions 9.3.x

Description The issue allows remote attackers to obtain session or cookie information by modifying the HTTP request, which can lead to unauthorized access. This is due to an Embedding Script (XSS) in HTTP Headers vulnerability in the server.

Recommendations For McAfee Network Data Loss Prevention (NDLP) versions 9.3.x, consider restricting access to sensitive information and session cookies until a fix is available. As a temporary workaround, review and limit the modification of HTTP requests to prevent exploitation.