klara
Level 10
Message 1 of 3

Email Gateway Vulnerabilities


Hi everyone,

We just did a vulnerability scan of the Email Gateway and we found a lot of vulnerabilities. Do you guys know what the process is to resolve those vulnerabilities?

Do you know any documentation about it?

These are some of the most critical vulnerabilities:

  • CRIME SSL/TLS attack
  • CRLF injection/HTTP response splitting
  • The Heartbleed Bug

Thanks a lot for the information,

Sincerely,

Keila Lara

1 Solution

Accepted Solutions
eplossl
McAfee Employee
Message 2 of 3

Re: Email Gateway Vulnerabilities


If you believe that there are vulnerabilities in the MEG appliance, the first thing to do is to check the CVE numbers for the vulnerabilities in question against our Knowledge Base.  When we become aware of CVEs people have found when testing our products, we investigate the vulnerability reports and advise as to whether or not we are vulnerable.  In some cases, we find that we are vulnerable and thus fix the issue.  For all CVEs for which you don't find a KB, I recommend calling in to Support and opening a ticket.  When you do that, provide the results of your test, including relevant CVE numbers, to the Support representative.  They can then get the ticket escalated to the SEO (Support Engineering Operations) team so that we can get the issues looked into by Development.  In many cases, we find that the scanning tools indicate vulnerabilities based only upon the presence of features, without taking into account versions of libraries in effect, and thus although it shows a vulnerability, there really isn't one. That said, we want to investigate each potential vulnerability so that we can resolve those issues.


klara
Level 10
Message 3 of 3

Re: Email Gateway Vulnerabilities


I just found the Heartbleed vulnerability, but nothing else..

Thanks a lot for your response.
