Tenable6966.PRMSymantec Web Gateway < 5.1.1 Multiple Vulnerabilities (SYM13-008)
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
91.6%
The remote web server is hosting Symantec Web Gateway application. Versions of Symantec Web Gateway 5.1.x, are potentially affected by the following vulnerabilities :
-
Multiple cross-site scripting vulnerabilities exist.(CVE-2013-4670)
-
It is possible to inject arbitrary operating system commands via the ‘nameConfig.php’ and ‘networkConfig.php’ scripts. (CVE-2013-1616)
-
A misconfiguration in the ‘/etc/sudoers’ file allows the user’s ‘apache’ and ‘admin’ to run several commands with root privileges. (CVE-2013-4672)
-
Multiple SQL injection vulnerabilities exist.(CVE-2013-1617)
-
A cross-site request forgery vulnerability exists in the’ ldapConfig.php’ script. CVE-2013-4671).
Binary data 6966.prmReferences
archives.neohapsis.com/archives/bugtraq/2013-07/0178.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1616
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1617
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4670
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4671
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4672
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4673
www.nessus.org/u?1fd5baa6
www.nessus.org/u?d2a4b289
Related
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
91.6%