53396

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00

According to its self-reported version number, the remote web server is hosting Symantec Web Gateway before version 5.0.3, which has the following vulnerabilities :

  -There are multiple cross-site scripting vulnerabilities.
   (CVE-2012-0296)

  - Multiple shell command injection and local file inclusion     vulnerabilities exist that could lead to arbitrary code     execution. (CVE-2012-0297)

  - Unauthenticated users are allowed to read/delete arbitrary     files as root. (CVE-2012-0298)

  - A file upload vulnerability exists that could lead to     arbitrary code execution. (CVE-2012-0299)

A remote, unauthenticated attacker could exploit the code execution vulnerabilities to execute commands as the apache user.  After exploitation, obtaining a root shell is trivial.

The remote web server is hosting a version of Symantec Web Gateway that is vulnerable to cross-site scripting attacks.  Input to the 'l' parameter of timer.php is not properly sanitized.  An attacker could exploit this by tricking a user into making a malicious request, resulting in arbitrary script code execution.  There are reportedly other cross-site scripting vulnerabilities in this version of the software, though Nessus has not checked for those issues.

ID	Name	Product	Family	Severity
59209	Symantec Web Gateway < 5.0.3 Multiple Vulnerabilities (SYM12-006) (version check)	Nessus	CGI abuses	critical
59097	Symantec Web Gateway timer.php XSS (SYM12-006)	Nessus	CGI abuses : XSS	medium

CVE-2012-0296

medium

Tenable Plugins

critical

medium