9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Summary
Symantec SWG products using affected versions of Apache Tomcat may be susceptible to multiple vulnerabilities. A remote attacker can execute arbitrary code on the target host, hijack an authenticated Tomcat user’s session, redirect a Tomcat user to an arbitrary URL, execute arbitrary JavaScript code in a Tomcat user’s web browser, bypass a web proxy in front of the Tomcat server, or cause denial of service. A local user can escalate their privileges on the system.
Affected Product(s)
The following products and product versions are vulnerable to the CVEs listed for each product.
CVE | Supported Version(s) | Remediation
CVE-2018-11784, CVE-2020-1935 | 6.7 | Upgrade to 6.7.5.3.
CVE-2018-11784, CVE-2020-1935 | 7.1 | Remediation will not be provided.
CVE-2018-11784, CVE-2020-1935 | 7.2 | Upgrade to 7.2.1.1.

CVE | Supported Version(s) | Remediation
CVE-2018-11784 | 2.3 | Upgrade to 2.3.5.1.
CVE-2018-11784 | 2.4 and later | Not vulnerable, fixed in 2.4.1.1
CVE-2020-1935 | 2.3 | Upgrade to a later version with fixes.
CVE-2020-1935 | 2.4, 3.0 | Remediation is not available at this time.
CVE-2020-1935 | 3.1 | Not vulnerable, fixed in 3.1.0.0

CVE | Supported Version(s) | Remediation
CVE-2019-17563, CVE-2020-1935 | 2.3, 2.4 | Upgrade to a later version with fixes.
CVE-2019-17563, CVE-2020-1935 | 3.0 | Not vulnerable, fixed in 3.0.1.1

CVE | Supported Version(s) | Remediation
CVE-2020-1935 | 10.7 | Remediation is not available at this time.
Additional Product Information
CVE-2020-1935 is exploitable in ASG, CA, and MC only when the products are deployed behind a reverse proxy.
CVE-2020-1935 is exploitable in SMG only when the SMG Control Center is deployed behind a reverse proxy. SMG Scanners are not vulnerable to CVE-2020-1935 even when deployed behind a reverse proxy.
The following products are not vulnerable:
AuthConnector
BCAAA
CacheFlow (CF)
General Auth Connector Login Application
HSM Agent for the Luna SP
PacketShaper (PS) S-Series
PolicyCenter (PC) S-Series
ProxySG
Reporter
Security Analytics (SA)
SSL Visibility (SSLV)
Unified Agent
Web Isolation (WI)
WSS Agent
WSS Mobile Agent
Issue Details
Severity / CVSS v3.0: | Medium / 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
References: | NVD: CVE-2018-11784
Impact: | Open redirection
Description: | An open redirection flaw in the default servlet allows a remote attacker to cause a user to follow a crafted URL and redirect the user to an arbitrary URL of the attacker’s choice.

Severity / CVSS v3.0: | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
References: | NVD: CVE-2019-0199
Impact: | Denial of service
Description: | A flaw in the HTTP/2 implementation allows a remote attacker to generate crafted streams to the web server and cause denial of service through thread exhaustion.

Severity / CVSS v3.0: | Medium / 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
References: | NVD: CVE-2019-0221
Impact: | Cross-site scripting (XSS)
Description: | A reflected XSS flaw in the SSI printenv command allows a remote attacker to cause a user to follow a crafted URL and execute injected JavaScript code in the user’s browser.

Severity / CVSS v3.0: | High / 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
References: | NVD: CVE-2019-0232
Impact: | Remote code execution
Description: | A flaw in the CGI servlet on Windows platforms allows a remote attacker to execute arbitrary code on the target host.

Severity / CVSS v3.0: | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
References: | NVD: CVE-2019-10072
Impact: | Denial of service
Description: | A flaw in the HTTP/2 implementation allows a remote attacker to generate crafted streams to the web server and cause denial of service through thread exhaustion. This is caused by an incomplete fix for CVE-2019-0199.

Severity / CVSS v3.0: | High / 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
References: | NVD: CVE-2019-12418
Impact: | Privilege escalation
Description: | A flaw in the JMX Remote Lifecycle Listener allows a local attacker to manipulate the local RMI registry and escalate their privileges on the system by capturing credentials for the JMX interface and gaining control of the Tomcat server.

Severity / CVSS v3.0: | High / 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
References: | NVD: CVE-2019-17563
Impact: | Session hijacking
Description: | A flaw in FORM authentication allows a remote attacker to perform a session fixation attack and take over a user’s authentication session.

Severity / CVSS v3.0: | Medium / 4.8 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
References: | NVD: CVE-2019-17569
Impact: | Security control bypass
Description: | A flaw in HTTP Transfer-Encoding header processing allows a remote attacker to perform an HTTP request smuggling attack and bypass a reverse proxy in front of the Tomcat server. The reverse proxy must handle the Transfer-Encoding header incorrectly in a particular way.

Severity / CVSS v3.0: | Medium / 4.8 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
References: | NVD: CVE-2020-1935
Impact: | Security control bypass
Description: | A flaw in HTTP header processing allows a remote attacker to perform an HTTP request smuggling attack and bypass a reverse proxy in front of the Tomcat server. The reverse proxy must handle the Transfer-Encoding header incorrectly in a particular way.

Severity / CVSS v3.0: | Critical / 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
References: | NVD: CVE-2020-1938
Impact: | Information disclosure, remote code execution
Description: | A flaw in the AJP connector allows a remote attacker to read arbitrary files from the target server. If the server allows file uploads and JSP processing, the remote attacker can also execute arbitrary code on the target server.
Revisions
2021-04-26 PacketShaper (PS) S-Series and PolicyCenter (PC) S-Series are not vulnerable.
2021-02-18 A fix for CA 2.3 and MC 2.4 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-11-12 Content Analysis 3.1 is not vulnerable because a fix is available in 3.1.0.0.
2020-08-19 MC 3.0 is not vulnerable because a fix is available in 3.0.1.1. A fix for MC 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-06-01 A fix for Advanced Secure Gateway (ASG) 7.2 is available in 7.2.1.1.
2020-05-12 initial public release