CVE-2019-3660: Advanced Threat Defense (ATD) - Improper Neutralization of HTTP requests
First published: Wed Nov 13 2019(Updated: )
Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Advanced Threat Defense | <4.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-3660?
CVE-2019-3660 is a vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 that allows a remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests.
How does CVE-2019-3660 affect McAfee Advanced Threat Defense?
CVE-2019-3660 affects McAfee Advanced Threat Defense versions prior to 4.8.
What is the severity of CVE-2019-3660?
CVE-2019-3660 has a severity level of 8.8, which is classified as high.
How can an attacker exploit CVE-2019-3660?
An attacker can exploit CVE-2019-3660 by sending carefully constructed HTTP requests to the affected McAfee Advanced Threat Defense server.
Is there a fix available for CVE-2019-3660?
Yes, the fix for CVE-2019-3660 is to update McAfee Advanced Threat Defense to version 4.8 or above.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee advanced threat defense