Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.804513 |
Kategorie: | Web application abuses |
Titel: | Symantec Endpoint Protection Manager XXE and SQL Injection Vulnerabilities |
Zusammenfassung: | The host is installed with Symantec Endpoint Protection Manager and is prone; to XXE and SQL injection vulnerabilities. |
Beschreibung: | Summary: The host is installed with Symantec Endpoint Protection Manager and is prone to XXE and SQL injection vulnerabilities. Vulnerability Insight: Flaw is due to an error when handling XML data within the servlet/ConsoleServlet. Vulnerability Impact: Successful exploitation will allow attackers to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service). Affected Software/OS: Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080 Solution: Upgrade Symantec Endpoint Protection Manager to version 11.0.7405.1424 or 12.1.4023.4080 or later, and Symantec Protection Center Small Business Edition to version 12.1.4023.4080 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Querverweis: |
BugTraq ID: 65466 BugTraq ID: 65467 Common Vulnerability Exposure (CVE) ID: CVE-2013-5014 http://www.securityfocus.com/bid/65466 http://www.exploit-db.com/exploits/31853 http://www.exploit-db.com/exploits/31917 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txt Common Vulnerability Exposure (CVE) ID: CVE-2013-5015 http://www.securityfocus.com/bid/65467 http://osvdb.org/103306 |
Copyright | Copyright (C) 2014 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |