Symantec Gateway Security Error Page Cross-Site Scripting Vulnerability
BID:9755
Info
Symantec Gateway Security Error Page Cross-Site Scripting Vulnerability
| Bugtraq ID: | 9755 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-0192 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 26 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery of this vulnerability has been credited to Brian Soby, Raytheon <[email protected]> |
| Vulnerable: |
Symantec Symantec Gateway Security 5400 Series 2.0 |
| Not Vulnerable: | |
Discussion
Symantec Gateway Security Error Page Cross-Site Scripting Vulnerability
A vulnerability has been reported to exist in the Symantec Gateway Security Web based management console that may allow a remote user to launch cross-site scripting attacks.
The issue is reported to exist due to improper sanitizing of user-supplied data. It has been reported that HTML and script code passed to the Symantec Gateway Security Web based management console via a specially crafted URI, may be incorporated into dynamic content of a server error page.
Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials. If an attacker manages to steal a cookie for a valid session, the attacker may leverage the vulnerability to gain management rights to the affected device.
A vulnerability has been reported to exist in the Symantec Gateway Security Web based management console that may allow a remote user to launch cross-site scripting attacks.
The issue is reported to exist due to improper sanitizing of user-supplied data. It has been reported that HTML and script code passed to the Symantec Gateway Security Web based management console via a specially crafted URI, may be incorporated into dynamic content of a server error page.
Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials. If an attacker manages to steal a cookie for a valid session, the attacker may leverage the vulnerability to gain management rights to the affected device.
Exploit / POC
Symantec Gateway Security Error Page Cross-Site Scripting Vulnerability
The following proof of concept has been supplied:
https://example.com:2456/sgmi/<script>badscript</script>
The following proof of concept has been supplied:
https://example.com:2456/sgmi/<script>badscript</script>
Solution / Fix
Symantec Gateway Security Error Page Cross-Site Scripting Vulnerability
Solution:
Symantec has released an advisory (SYM04-003) and fix for this issue. The fix is included in the SG8000-20040130-00 - February hotfix bundle. It is also available via the web at the following location:
Symantec Symantec Gateway Security 5400 Series 2.0
Solution:
Symantec has released an advisory (SYM04-003) and fix for this issue. The fix is included in the SG8000-20040130-00 - February hotfix bundle. It is also available via the web at the following location:
Symantec Symantec Gateway Security 5400 Series 2.0
-
Symantec bundle-sgs20.exe
ftp://ftp.symantec.com/public/updates/bundle-sgs20.exe
References
Symantec Gateway Security Error Page Cross-Site Scripting Vulnerability
References:
References: