Summary
This host is installed with Symantec Web
Gateway and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote
attackers to inject and execute arbitrary commands, and inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Impact Level: System/Application
Solution
Upgrade to Symantec Web Gateway version
5.2.1 or later. For updates refer http://www.symantec.com/web-gateway/
Insight
Multiple errors are due to,
- An error in user.php script which do not properly sanitize user-supplied input before using it in SQL queries.
- An error in the console interface that is triggered as SNMPConfig.php fails to properly sanitize input.
Affected
Symantec Web Gateway prior to version
5.2.1
Detection
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-5017, CVE-2014-1650 -
CVSS Base Score: 7.9
AV:A/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities