Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:20734
HistoryJul 14, 2011 - 12:00 a.m.

Symantec Web Gateway管理接口"username" SQL注入漏洞

2011-07-1400:00:00
Root
www.seebug.org
10

0.015 Low

EPSS

Percentile

85.3%

JSON

CVE ID:CVE-2011-0549

Symantec Web Gateway是一款Web安全网关硬件设备。
通过"username"参数传递给管理接口中的forget.php的输入在用于SQL查询之前缺少过滤,攻击者可以通过SQL注入攻击获得敏感信息或操作数据库。

Symantec Web Gateway 4.x
厂商解决方案
用户可参考如下供应商提供的安全公告获得补丁信息:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110707_00

Related

prion 1
zdi 1
securityvulns 1
nessus 1
symantec 1
cve 1
prion
prion
Sql injection
2011-07-11 20:55:00
zdi
zdi
Symantec Web Gateway forget.php SQL Injection Vulnerability
2011-07-07 00:00:00
securityvulns
securityvulns
ZDI-11-233: Symantec Web Gateway forget.php SQL Injection Vulnerability
2011-07-13 00:00:00
nessus
nessus
Symantec Web Gateway forget.php Blind SQL Injection (SYM11-008)
2011-07-20 00:00:00
symantec
symantec
Symantec Web Gateway Blind SQL Injection
2011-07-07 08:00:00
cve
cve
CVE-2011-0549
2011-07-11 20:55:00

0.015 Low

EPSS

Percentile

85.3%

JSON
Related for SSV:20734
prion1zdi1securityvulns1nessus1symantec1cve1