Summary
This host is installed with Symantec
Endpoint Protection Manager and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers
to gain access to arbitrary files, write to or overwrite arbitrary files and execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Impact Level: Application
Solution
Upgrade to Symantec Endpoint Protection Manager
12.1 RU5 or later. For updates refer http://www.symantec.com
Insight
Multiple flaws are due to,
- The /console/Highlander_docs/SSO-Error.jsp script does not validate input to the 'ErrorMsg' parameter before returning it to users.
- ConsoleServlet does not properly sanitize user input supplied via the 'ActionType' parameter.
- Incorrectly configured XML parser accepting XML external entities from an untrusted source.
- The /portal/Loading.jsp script does not validate input to the 'uri' parameter before returning it to users.
Affected
Symantec Endpoint Protection Manager (SEPM)
12.1 before RU5.
Detection
Send a crafted request via HTTP GET and
check whether it is able to read cookie or not.
References
Severity
Classification
-
CVE CVE-2014-3437, CVE-2014-3438, CVE-2014-3439 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
- Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
- Acidcat CMS Multiple Vulnerabilities
- Assesi 'bg' Parameter SQL Injection vulnerability
- AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability