Symantec Web Gateway Password Change Security Bypass Vulnerability Network Vulnerability

Summary

Symantec Web Gateway is prone to a security-bypass vulnerability. Successful exploits may allow attackers to change another user's password allowing them to gain unauthorized access in the context of the affected user. This may aid in further attacks. Symantec Web Gateway versions 5.0.x.x are vulnerable.

Solution

Vendor updates are available. Please see the references for more information.

References

http://www.securityfocus.com/bid/54430
http://www.symantec.com/business/web-gateway

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2977

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Continuum Cross Site Scripting Vulnerability
AbanteCart Multiple Cross-Site Scripting Vulnerabilities
AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Apache Tomcat SecurityConstraints Security Bypass Vulnerability

Take action and discover your vulnerabilities