PT-2006-7086 · Mandiant · Mandiant First Response

Brian Reilly · Published 2006-12-20 · Updated 2018-10-17 · CVE-2006-6477

CVSS v2.0: 2.4 (Low)

Vector: AV:L/AC:H/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Mandiant First Response (MFR) versions prior to 1.1.1

Description

When MFR is run in daemon mode and configured to use only HTTP, local users can modify requests and responses between a client and an agent by hijacking the HTTP daemon and conducting a man-in-the-middle (MITM) attack.

Recommendations

For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue. As a temporary workaround, consider disabling the HTTP daemon mode or configuring it to use a secure protocol instead of HTTP to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2006-6477

Affected Products

Mandiant First Response