logo
DATABASE RESOURCES PRICING ABOUT US

Symantec Web Gateway access_log PHP Injection

Description

Added: 06/11/2012 CVE: [CVE-2012-0297](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0297>) BID: [53444](<http://www.securityfocus.com/bid/53444>) OSVDB: [82023](<http://www.osvdb.org/82023>) ### Background Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web. ### Problem Symantec Web Gateway fails to properly sanitize user-supplied input passed to "/spywall/releasenotes.php" via the "relfile" parameter. This can be exploited to execute arbitrary PHP code. ### Resolution Upgrade Symantec Web Gateway to version 5.0.3 or higher. ### References <http://secunia.com/advisories/49216> [http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 ](<http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 >) ### Limitations This exploit has been tested against Symantec Web Gateway 5.0.0.216 and 5.0.2.8 ### Platforms Linux


Related