Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title: Symantec Web Gateway contains multiple vulnerabilities

Information
Name: VU#108471
First vendor publication: 2012-07-24
Vendor: VU-CERT
Last vendor modification: 2012-07-24
Severity (vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS base score: 10
CVSS impact score: 10
CVSS exploit score: 10
Attack range: Network
Attack complexity: Low
Authentication: None Required

Detail

Vulnerability Note VU#108471

Symantec Web Gateway contains multiple vulnerabilities

Original Release date: 24 Jul 2012 | Last revised: 24 Jul 2012

Overview

The Symantec Web Gateway management console is vulnerable to remote command execution, local file inclusion, arbitrary password changes, and SQL injection.

Description

The Symantec SYM12-011 advisory states:

    "Symantec's Web Gateway management console is susceptible to multiple security issues that include remote command execution, local file inclusion, arbitrary password change and SQL injection security issues. Successful exploitation could result in unauthorized command execution on or access to the management console and backend database."


Additional details may be found in the full Symantec SYM12-011 advisory.

Impact

A remote unauthenticated attacker may be able to run unauthorized commands and access the backend database.

Solution

Apply an Update

The Symantec SYM12-011 advisory states:

    "The security update addressing these issues has been pushed to customers as an immediately available update. For customers with automatic updating enabled the update will automatically be applied. Customers that do not have automatic updating enabled will need to manually apply the update by clicking "Check for Updates -> Updates" on the Administration->Updates page for Web Gateway Database Updates and Web Gateway Software Updates.

    To confirm customers are running the latest updates they should check the "Current Software Version -> Current Version" on the Administration->Updates page. Alternatively, customers can click the "Check for Updates" button on the Administration->Updates page to verify that they are running the latest software version."

Vendor Information

Vendor    Status    Date Notified  Date Updated
Symantec  Affected  25 Jun 2012    24 Jul 2012

CVSS Metrics

Group          Score  Vector
Base           8.3    AV:A/AC:L/Au:N/C:C/I:C/A:C
Temporal       7.9    E:F/RL:ND/RC:C
Environmental  7.9    CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

  • http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00

Credit

Thanks to Offensive Security and Tenable Network Security for reporting these vulnerabilities.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2012-2953, CVE-2012-2957, CVE-2012-2574, CVE-2012-2961, CVE-2012-2976, CVE-2012-2977
  • Date Public: 20 Jul 2012
  • Date First Published: 24 Jul 2012
  • Date Last Updated: 24 Jul 2012
  • Document Revision: 16

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.


This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Original Source

Url : http://www.kb.cert.org/vuls/id/108471

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-264 Permissions, Privileges, and Access Controls
33 % CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)
33 % CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type         Description  Count
Application               4

SAINT Exploits

Description
Symantec Web Gateway pbcontrol.php Command Injection

OpenVAS Exploits

Date Description
2012-08-22 Name : Symantec Web Gateway Password Change Security Bypass Vulnerability
File : nvt/gb_symantec_web_gateway_54430.nasl
2012-07-26 Name : Symantec Web Gateway Remote Shell Command Execution Vulnerability
File : nvt/gb_symantec_web_gateway_54426.nasl
2012-07-24 Name : Symantec Web Gateway Local File Manipulation Authentication Bypass Vulnerability
File : nvt/gb_symantec_web_gateway_54429.nasl
2012-07-24 Name : Symantec Web Gateway Multiple Vulnerabilities
File : nvt/gb_symantec_web_gateway_mult_vuln.nasl

Snort® IPS/IDS

Date Description
2014-03-15 Symantec Web Gateway languagetest.php language parameter directory traversal ...
RuleID : 29746 - Revision : 4 - Type : SERVER-WEBAPP
2014-01-10 Symantec Web Gateway blocked.php blind sql injection attempt
RuleID : 23934 - Revision : 11 - Type : SERVER-WEBAPP
2014-01-10 Symantec Web Gateway blocked.php id parameter sql injection attempt
RuleID : 23784 - Revision : 5 - Type : SERVER-WEBAPP
2014-01-10 Symantec Web Gateway pbcontrol.php filename parameter command injection attempt
RuleID : 23783 - Revision : 12 - Type : SERVER-WEBAPP
2014-01-10 PHP uri tag injection attempt
RuleID : 23111 - Revision : 12 - Type : POLICY-OTHER

Nessus® Vulnerability Scanner

Date Description
2012-08-06 Name : The remote host is affected by a shell command execution vulnerability.
File : symantec_web_gateway_rce.nasl - Type : ACT_DESTRUCTIVE_ATTACK
2012-08-06 Name : A web security application hosted on the remote web server is affected by a S...
File : symantec_web_gateway_search_sqli.nasl - Type : ACT_ATTACK

Alert History

Date Information
2014-02-17 12:07:30
  • Multiple Updates