CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.5%
Added: 08/24/2012
CVE: CVE-2012-2953
BID: 54426
OSVDB: 84120
Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web.
Symantec Web Gateway 5.0.x.x before 5.0.3.18 is vulnerable to command injection due to spywall/pbcontrol.php
failing to properly sanitize input passed via the filename
parameter. This may allow a remote attacker to execute arbitrary shell commands.
Upgrade to Symantec Web Gateway 5.0.3.18 or later with the Database Update 5.0.0.438 or later.
[http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120720_00 ](<http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120720_00
>)
This exploit was tested against Symantec Web Gateway 5.0.0.216 on Fedora Project Fedora Core 3 with Exec-Shield Enabled.
Linux