Computer Security

Symantec WebGateway security vulnerabilities
SecurityVulns ID:12416
Description:Code execution, unfiltered shell characters.
Affected:SYMANTEC : Symantec Web Gateway 5.0
CVE:CVE-2012-0299 (The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.)
 CVE-2012-0297 (The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.)
Original documentdocumentZDI, ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-091 : Symantec Web Gateway upload_file Remote Code Execution Vulnerability (13.06.2012)
Discuss:Read or add your comments to this news (9 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod