BID:104182

Symantec Content Analysis and Mail Transfer Defense Cross Site Request Forgery Vulnerability

Info

Symantec Content Analysis and Mail Transfer Defense Cross Site Request Forgery Vulnerability

Bugtraq ID:	104182
Class:	Input Validation Error
CVE:	CVE-2016-9092
Remote:	Yes
Local:	No
Published:	May 17 2018 12:00AM
Updated:	May 17 2018 12:00AM
Credit:	Peter Paccione, Chris Hebert, and Corey Boyd
Vulnerable:	Bluecoat Mail Threat Defense 1.1 Bluecoat Content Analysis 2.1 Bluecoat Content Analysis 1.3

Not Vulnerable:	Bluecoat Content Analysis 2.1.1.1 Bluecoat Content Analysis 1.3.7.3

Discussion

Symantec Content Analysis and Mail Transfer Defense Cross Site Request Forgery Vulnerability

Symantec Content Analysis and Mail Transfer Defense is prone to a cross-site request-forgery vulnerability.

An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

Solution / Fix

Symantec Content Analysis and Mail Transfer Defense Cross Site Request Forgery Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Symantec Content Analysis and Mail Transfer Defense Cross Site Request Forgery Vulnerability

References:

Symantec Homepage (Symantec)
SA149: CSRF Vulnerability in CA and MTD (Symantec)