 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.106342 |
| Categoría: | Web application abuses |
| Título: | Symantec Web Gateway OS Command Injection Vulnerability |
| Resumen: | Symantec Web Gateway is prone to a OS command injection vulnerability. |
| Descripción: | Summary: Symantec Web Gateway is prone to a OS command injection vulnerability. Vulnerability Insight: The vulnerable code is located in the /spywall/new_whitelist.php script. The vulnerability exists because the validation checks may be bypassed by setting the 'sid' POST parameter to a value different from zero. In this way, even though the 'white_ip' POST parameter is not a valid domain or IP address, it will be passed to the add_whitelist() function as its $url parameter. Vulnerability Impact: An authenticated attacker may execute arbitrary OS commands with the privileges of the root user of the appliance. Affected Software/OS: Symantec Web Gateway version 5.2.2 and prior. Solution: Update to version 5.2.5 or later. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-5313 BugTraq ID: 93284 http://www.securityfocus.com/bid/93284 http://seclists.org/fulldisclosure/2016/Oct/24 http://packetstormsecurity.com/files/139006/Symantec-Web-Gateway-5.2.2-OS-Command-Injection.html http://www.securitytracker.com/id/1036973 |
| Copyright | Copyright (C) 2016 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |