Symantec Web Gateway Management Scripts Arbitrary File Upload Vulnerability
BID:53443
Info
Symantec Web Gateway Management Scripts Arbitrary File Upload Vulnerability
| Bugtraq ID: | 53443 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-0299 |
| Remote: | Yes |
| Local: | No |
| Published: | May 17 2012 12:00AM |
| Updated: | Jun 17 2012 12:00AM |
| Credit: | An anonymous contributor working with Beyond Security's SecuriTeam Secure Disclosure project. |
| Vulnerable: |
Symantec Web Gateway 5.0.1 Symantec Web Gateway 5.0 |
| Not Vulnerable: |
Symantec Web Gateway 5.0.3 |
Discussion
Symantec Web Gateway Management Scripts Arbitrary File Upload Vulnerability
Symantec Web Gateway is prone to an arbitrary file-upload vulnerability.
An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or OS command execution with elevated privileges; other attacks are also possible.
Symantec Web Gateway is prone to an arbitrary file-upload vulnerability.
An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or OS command execution with elevated privileges; other attacks are also possible.
Exploit / POC
Symantec Web Gateway Management Scripts Arbitrary File Upload Vulnerability
Attackers may exploit this issue through a browser.
Attackers may exploit this issue through a browser.
References
Symantec Web Gateway Management Scripts Arbitrary File Upload Vulnerability
References:
References:
- Symantec Web Gateway (Symantec)
- SYM12-006 Symantec Web Gateway Multiple Security Issues (Symantec)