CVE-2017-3935: Infoleak
First published: Tue Oct 31 2017(Updated: )
Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Network Data Loss Prevention | <=9.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-3935?
CVE-2017-3935 is considered a critical vulnerability due to its potential to cause data exposure through MIME type sniffing.
How do I fix CVE-2017-3935?
To fix CVE-2017-3935, update to the latest version of McAfee Network Data Loss Prevention that has mitigations in place for MIME type sniffing.
Which versions of McAfee Network Data Loss Prevention are affected by CVE-2017-3935?
CVE-2017-3935 affects McAfee Network Data Loss Prevention versions up to and including 9.3.0.
What are the implications of CVE-2017-3935 for users of Internet Explorer?
Users of older versions of Internet Explorer may experience unintended content being displayed, leading to potential data breaches through MIME type misinterpretation.
Is there a workaround for CVE-2017-3935 until a fix is applied?
A potential workaround for CVE-2017-3935 is to configure the web server to set proper Content-Type headers to mitigate MIME type sniffing.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/mcafee
- canonical/mcafee network data loss prevention
- version/mcafee network data loss prevention/9.3.0