Web application abuses : Symantec Web Gateway Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.802661

Categoría: Web application abuses

Título: Symantec Web Gateway Multiple Vulnerabilities

Resumen: Symantec Web Gateway is prone to multiple vulnerabilities.

Descripción: Summary:
Symantec Web Gateway is prone to multiple vulnerabilities.

Vulnerability Insight:
- The application improperly validates certain input to multiple scripts via
the management console and can be exploited to inject arbitrary shell
commands.

- An error within the authentication mechanism of the application can be
exploited to bypass the authentication by modification of certain local
files.

- Certain unspecified input passed to the management console is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

- The application improperly validates certain input via the management
console and can be exploited to change the password of an arbitrary user
of the application.

Vulnerability Impact:
Successful exploitation will allow attackers to execute arbitrary code in
the context of the application, bypass certain security restrictions and
conduct SQL injection attacks.

Affected Software/OS:
Symantec Web Gateway versions 5.0.x before 5.0.3.18

Solution:
Upgrade to Symantec Web Gateway version 5.0.3.18 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-2953
BugTraq ID: 54426
http://www.securityfocus.com/bid/54426
CERT/CC vulnerability note: VU#108471
http://www.kb.cert.org/vuls/id/108471
Common Vulnerability Exposure (CVE) ID: CVE-2012-2957
BugTraq ID: 54429
http://www.securityfocus.com/bid/54429
XForce ISS Database: symantec-web-mechanism-file-include(77113)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77113
Common Vulnerability Exposure (CVE) ID: CVE-2012-2574
BugTraq ID: 54424
http://www.securityfocus.com/bid/54424
XForce ISS Database: symantec-blocked-sql-injection(77112)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77112
Common Vulnerability Exposure (CVE) ID: CVE-2012-2961
BugTraq ID: 54425
http://www.securityfocus.com/bid/54425
XForce ISS Database: symantec-gateway-ldaplatest-sql-injection(77116)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77116
Common Vulnerability Exposure (CVE) ID: CVE-2012-2976
BugTraq ID: 54427
http://www.securityfocus.com/bid/54427
Common Vulnerability Exposure (CVE) ID: CVE-2012-2977
BugTraq ID: 54430
http://www.securityfocus.com/bid/54430

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.802661
Categoría:	Web application abuses
Título:	Symantec Web Gateway Multiple Vulnerabilities
Resumen:	Symantec Web Gateway is prone to multiple vulnerabilities.
Descripción:	Summary: Symantec Web Gateway is prone to multiple vulnerabilities. Vulnerability Insight: - The application improperly validates certain input to multiple scripts via the management console and can be exploited to inject arbitrary shell commands. - An error within the authentication mechanism of the application can be exploited to bypass the authentication by modification of certain local files. - Certain unspecified input passed to the management console is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. - The application improperly validates certain input via the management console and can be exploited to change the password of an arbitrary user of the application. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary code in the context of the application, bypass certain security restrictions and conduct SQL injection attacks. Affected Software/OS: Symantec Web Gateway versions 5.0.x before 5.0.3.18 Solution: Upgrade to Symantec Web Gateway version 5.0.3.18 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2953 BugTraq ID: 54426 http://www.securityfocus.com/bid/54426 CERT/CC vulnerability note: VU#108471 http://www.kb.cert.org/vuls/id/108471 Common Vulnerability Exposure (CVE) ID: CVE-2012-2957 BugTraq ID: 54429 http://www.securityfocus.com/bid/54429 XForce ISS Database: symantec-web-mechanism-file-include(77113) https://exchange.xforce.ibmcloud.com/vulnerabilities/77113 Common Vulnerability Exposure (CVE) ID: CVE-2012-2574 BugTraq ID: 54424 http://www.securityfocus.com/bid/54424 XForce ISS Database: symantec-blocked-sql-injection(77112) https://exchange.xforce.ibmcloud.com/vulnerabilities/77112 Common Vulnerability Exposure (CVE) ID: CVE-2012-2961 BugTraq ID: 54425 http://www.securityfocus.com/bid/54425 XForce ISS Database: symantec-gateway-ldaplatest-sql-injection(77116) https://exchange.xforce.ibmcloud.com/vulnerabilities/77116 Common Vulnerability Exposure (CVE) ID: CVE-2012-2976 BugTraq ID: 54427 http://www.securityfocus.com/bid/54427 Common Vulnerability Exposure (CVE) ID: CVE-2012-2977 BugTraq ID: 54430 http://www.securityfocus.com/bid/54430
Copyright	Copyright (C) 2012 Greenbone AG