CVE-2012-2976

2012-07-2317:55:03

CWE-78

certcc

web.nvd.nist.gov

cve-2012-2976

symantec

web gateway

remote code execution

injection issue

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.002

Percentile

57.8%

JSON

The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an “injection” issue.

Affected configurations

Nvd

Node

symantecweb_gatewayMatch5.0

symantecweb_gatewayMatch5.0.1

symantecweb_gatewayMatch5.0.2

symantecweb_gatewayMatch5.0.3

VendorProductVersionCPE
symantecweb_gateway5.0cpe:2.3:a:symantec:web_gateway:5.0:*:*:*:*:*:*:*
symantecweb_gateway5.0.1cpe:2.3:a:symantec:web_gateway:5.0.1:*:*:*:*:*:*:*
symantecweb_gateway5.0.2cpe:2.3:a:symantec:web_gateway:5.0.2:*:*:*:*:*:*:*
symantecweb_gateway5.0.3cpe:2.3:a:symantec:web_gateway:5.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	web_gateway	5.0	cpe:2.3:a:symantec:web_gateway:5.0:::::::*
symantec	web_gateway	5.0.1	cpe:2.3:a:symantec:web_gateway:5.0.1:::::::*
symantec	web_gateway	5.0.2	cpe:2.3:a:symantec:web_gateway:5.0.2:::::::*
symantec	web_gateway	5.0.3	cpe:2.3:a:symantec:web_gateway:5.0.3:::::::*