Symantec Web Gateway Remote Shell Command Execution Vulnerability Network Vulnerability

Summary

This host is running Symantec Web Gateway and is prone to command execution vulnerability.

Impact

Successful exploits will result in the execution of arbitrary attack supplied commands in the context of the affected application. Impact Level: System/Application

Solution

Upgrade to Symantec Web Gateway version 5.0.3 or later, For updates refer to http://www.symantec.com/business/web-gateway

Insight

The flaw is due to an improper validation of certain unspecified input. This can be exploited to execute arbitrary code by injecting crafted data or including crafted data.

Affected

Symantec Web Gateway versions 5.0.x before 5.0.3

References

http://osvdb.org/82023
http://secunia.com/advisories/49216
http://www.exploit-db.com/exploits/18932
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0297, CVE-2012-0299

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Agora CGI Cross Site Scripting
ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
A Really Simple Chat Multiple SQL Injection Vulnerabilities
'research_display.php' SQL Injection Vulnerability

Take action and discover your vulnerabilities