This host is installed with Symantec Web Gateway and is prone to multiple vulnerabilities.

Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database allowing for the manipulation or disclosure of arbitrary data and execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Impact Level: Application

Upgrade to Symantec Web Gateway version 5.2 or later. For updates refer http://www.symantec.com/web-gateway/

Multiple errors are due to, - An error in the 'clientreport.php' script which do not properly sanitize user-supplied input before using it in SQL queries. - An error in program which do not validate input to multiple unspecified report parameters before returning it to users.

Symantec Web Gateway prior to version 5.2

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

• http://osvdb.org/108183
• http://osvdb.org/108184
• http://www.securitytracker.com/id/1030443
• http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00

---

Updated on 2015-03-25