10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
Added: 06/11/2012
CVE: CVE-2012-0297
BID: 53444
OSVDB: 82023
Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web.
Symantec Web Gateway fails to properly sanitize user-supplied input passed to “/spywall/releasenotes.php” via the “relfile” parameter. This can be exploited to execute arbitrary PHP code.
Upgrade Symantec Web Gateway to version 5.0.3 or higher.
<http://secunia.com/advisories/49216>
[http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 ](<http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00
>)
This exploit has been tested against Symantec Web Gateway 5.0.0.216 and 5.0.2.8
Linux