Symantec Web Gateway Arbitrary File Download And Delete Vulnerability
BID:53442
Info
| Bugtraq ID: | 53442 |
| Class: | Design Error |
| CVE: | CVE-2012-0298 |
| Remote: | Yes |
| Local: | No |
| Published: | May 17 2012 12:00AM |
| Updated: | Jun 28 2012 12:10PM |
| Credit: | An anonymous researcher |
| Vulnerable: | Symantec Web Gateway 5.0.1; Symantec Web Gateway 5.0 |
| Not Vulnerable: | Symantec Web Gateway 5.0.3 |
Discussion
Symantec Web Gateway is prone to an unauthorized-access vulnerability that could allow an attacker to download or delete arbitrary files.
A successful exploit could render the system unusable.
Exploit / POC
Attackers can exploit this issue using a browser.
The following example URI is available:
https://www.example.com/spywall/download_file.php?d=/tmp/addroutelog&name=addroutelog
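Access logs can be checked for requests that match the example URI above. The following is an added example, not part of the original advisory or any Symantec code; it assumes Apache-style access-log lines, and the function name `find_download_requests` and the sample log entries are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: Apache-style common/combined access-log lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})\b'
)
ENDPOINT = "/spywall/download_file.php"  # path taken from the advisory's example URI

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/May/2012:10:01:02 +0000] "GET /favicon.ico HTTP/1.1" 200 1432',
    '198.51.100.7 - - [17/May/2012:10:02:10 +0000] "GET /spywall/download_file.php?d=/tmp/addroutelog&name=addroutelog HTTP/1.1" 200 512',
    '203.0.113.5 - - [17/May/2012:10:02:15 +0000] "GET /spywall/download_file.php?d=%2Ftmp%2Faddroutelog&name=addroutelog HTTP/1.1" 403 0',
    '192.0.2.10 - - [17/May/2012:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 2048',
]


def find_download_requests(lines):
    """Return one record per logged request to ENDPOINT that carries a 'd' parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        url = urlsplit(m.group("target"))
        # Decode and normalise the path so percent-encoded or doubled-slash forms still match.
        path = posixpath.normpath(unquote(url.path))
        if path != ENDPOINT:
            continue
        # parse_qs percent-decodes values, so d=%2Ftmp%2F... is reported as /tmp/...
        for d in parse_qs(url.query, keep_blank_values=True).get("d", []):
            hits.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "method": m.group("method"),
                "d": d,
                "status": m.group("status"),
                "served": m.group("status").startswith("2"),  # 2xx: the server answered the request
            })
    return hits


if __name__ == "__main__":
    for hit in find_download_requests(SAMPLE_LOG):
        print(hit)
```

Records with `served` set to true on a 5.0 or 5.0.1 appliance are the ones to review first, alongside the requested `d` path and source address.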
Solution / Fix
Solution:
Updates are available. Please see the reference for more details.
References
References:
- Symantec Web Gateway (Symantec)
- SYM12-006 Symantec Web Gateway Multiple Security Issues (Symantec)