Vulnerability category: CGI
Vulnerability level:
Vulnerability Information
Symantec Web Gateway is a web security gateway appliance. Symantec Web Gateway is exposed to multiple security issues:
1) The application improperly validates input passed via the "filename" parameter to spywall/pbcontrol.php.
2) Input passed via the "language" parameter to spywall/languageTest.php is not properly verified before being used to include files.
3) Certain unspecified input passed to the management console is not properly sanitized before being used in a SQL query.
4) The application improperly validates certain input to multiple scripts via the management console.
5) The application improperly validates certain input via the management console.
6) Input passed via the "ip" parameter to spywall/ldap_latest.php and to spywall/blocked.php is not properly sanitised before being used in a SQL query.
Affected Versions:
Symantec Web Gateway versions prior to 5.0.3.18.
Impact
Successful exploits will result in the execution of arbitrary attacker-supplied commands in the context of the affected application.
Solution
The issues have been resolved in Symantec Web Gateway version 5.0.3.18; alternatively, apply Database update 5.0.0.438. Please refer to Symantec Advisory SYM12-011 for more details.
Patch:
The following are links for downloading patches to fix the vulnerabilities: SYM12-011 (Symantec Web Gateway)
Virtual Patches:
Trend Micro Virtual Patching
Virtual Patch #1005181: 1005181 - Symantec Web Gateway Remote Shell Command Execution Vulnerability