Summary
This host is running Symantec Web Gateway and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code in the context of the application, bypass certain security restrictions and conduct SQL injection attacks.
Impact Level: System/Application
Solution
Upgrade to Symantec Web Gateway version 5.0.3.18 or later. For updates, refer to http://www.symantec.com/business/web-gateway
Insight
- The application improperly validates certain input to multiple scripts via the management console and can be exploited to inject arbitrary shell commands.
- An error within the authentication mechanism of the application can be exploited to bypass the authentication by modification of certain local files.
- Certain unspecified input passed to the management console is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
- The application improperly validates certain input via the management console and can be exploited to change the password of an arbitrary user of the application.
Affected
Symantec Web Gateway versions 5.0.x before 5.0.3.18
References
- http://secunia.com/advisories/50031
- http://www.exploit-db.com/exploits/20038
- http://www.exploit-db.com/exploits/20044
- http://www.exploit-db.com/exploits/20064
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120720_00
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2012-2574, CVE-2012-2953, CVE-2012-2957, CVE-2012-2961, CVE-2012-2976, CVE-2012-2977
- CVSS Base Score: 10.0
- AV:N/AC:L/Au:N/C:C/I:C/A:C