Lucene search
Tenable Network SecurityZDI-12-091HistoryJun 08, 2012 - 12:00 a.m.
Symantec Web Gateway upload_file Remote Code Execution Vulnerability
2012-06-0800:00:00
Tenable Network Security
www.zerodayinitiative.com
17
0.97 High
EPSS
Percentile
99.7%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists because Symantec Web Gateway allows unauthenticated users to upload a file while preserving the file extension. This allows users to upload additional script files that can be used to execute remote code from user supplied commands under the context of the webserver.
Related
cve
cve
CVE-2012-0299
2012-05-21 20:55:17
packetstorm
packetstorm
Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload Vulnerability
2012-06-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload (CVE-2012-0299)
2012-11-25 00:00:00
cvelist
cvelist
CVE-2012-0299
2012-05-21 20:00:00
nvd
nvd
CVE-2012-0299
2012-05-21 20:55:17
prion
prion
Code injection
2012-05-21 20:55:00
securityvulns
securityvulns
ZDI-12-091 : Symantec Web Gateway upload_file Remote Code Execution Vulnerability
2012-06-13 00:00:00
Symantec WebGateway security vulnerabilities
2012-06-13 00:00:00
attackerkb
attackerkb
Symantec Web Gateway upload_file Remote Code Execution Vulnerability
2012-05-21 00:00:00
dsquare
dsquare
Symantec Web Gateway 5.0.2 File Upload
2012-06-09 00:00:00
nessus
nessus
openvas
openvas
Symantec Web Gateway Remote Shell Command Execution Vulnerability
2012-06-01 00:00:00
symantec
symantec
Symantec Web Gateway Multiple Security Issues
2012-05-17 08:00:00