Tenable6966.PRMSymantec Web Gateway < 5.1.1 Multiple Vulnerabilities (SYM13-008)
The remote web server is hosting Symantec Web Gateway application. Versions of Symantec Web Gateway 5.1.x, are potentially affected by the following vulnerabilities :
-
Multiple cross-site scripting vulnerabilities exist.(CVE-2013-4670)
-
It is possible to inject arbitrary operating system commands via the ‘nameConfig.php’ and ‘networkConfig.php’ scripts. (CVE-2013-1616)
-
A misconfiguration in the ‘/etc/sudoers’ file allows the user’s ‘apache’ and ‘admin’ to run several commands with root privileges. (CVE-2013-4672)
-
Multiple SQL injection vulnerabilities exist.(CVE-2013-1617)
-
A cross-site request forgery vulnerability exists in the’ ldapConfig.php’ script. CVE-2013-4671).
Binary data 6966.prm| Vendor | Product | Version | CPE |
|---|---|---|---|
| symantec | web_gateway | cpe:/a:symantec:web_gateway |
References
archives.neohapsis.com/archives/bugtraq/2013-07/0178.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1616
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1617
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4670
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4671
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4672
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4673
www.nessus.org/u?1fd5baa6
www.nessus.org/u?d2a4b289
Related
