ID de Prueba:	1.3.6.1.4.1.25623.1.0.805228
Categoría:	Web application abuses
Título:	Symantec Web Gateway Multiple Vulnerabilities -02 (Dec 2014)
Resumen:	Symantec Web Gateway is prone to multiple vulnerabilities.
Descripción:	Summary: Symantec Web Gateway is prone to multiple vulnerabilities. Vulnerability Insight: Multiple errors are due to: - An error in the 'clientreport.php' script which do not properly sanitize user-supplied input before using it in SQL queries. - An error in program which do not validate input to multiple unspecified report parameters before returning it to users. Vulnerability Impact: Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database allowing for the manipulation or disclosure of arbitrary data and execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: Symantec Web Gateway prior to version 5.2 Solution: Upgrade to Symantec Web Gateway version 5.2 or later. CVSS Score: 5.8 CVSS Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1651 BugTraq ID: 67754 http://www.securityfocus.com/bid/67754 CERT/CC vulnerability note: VU#719172 http://www.kb.cert.org/vuls/id/719172 http://www.securitytracker.com/id/1030443 Common Vulnerability Exposure (CVE) ID: CVE-2014-1652 BugTraq ID: 67755 http://www.securityfocus.com/bid/67755
Copyright	Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.