CVE-2021-46825
Summary
| CVE | CVE-2021-46825 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-07-07 16:15:00 UTC |
| Updated | 2023-08-08 14:21:00 UTC |
| Description | Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Risk And Classification
Problem Types: CWE-444
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Broadcom | Advanced Secure Gateway | 6.7 | All | All | All |
| Application | Broadcom | Advanced Secure Gateway | 7.3 | All | All | All |
| Application | Broadcom | ProxySG | 6.7 | All | All | All |
| Application | Broadcom | ProxySG | 7.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Support Content Notification - Support Portal - Broadcom support portal | MISC | support.broadcom.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.