VYPR
Medium severity6.1NVD Advisory· Published May 17, 2017· Updated Jun 17, 2026

CVE-2017-4011

CVE-2017-4011

Description

Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.

Affected products

2
  • cpe:2.3:a:mcafee:network_data_loss_prevention:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:mcafee:network_data_loss_prevention:*:*:*:*:*:*:*:*range: <=9.3.0
    • (no CPE)range: 9.3.x

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.