Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

According to its self-reported version number, the remote web server is hosting Symantec Web Gateway before version 5.0.3, which has the following vulnerabilities :

  -There are multiple cross-site scripting vulnerabilities.
   (CVE-2012-0296)

  - Multiple shell command injection and local file inclusion     vulnerabilities exist that could lead to arbitrary code     execution. (CVE-2012-0297)

  - Unauthenticated users are allowed to read/delete arbitrary     files as root. (CVE-2012-0298)

  - A file upload vulnerability exists that could lead to     arbitrary code execution. (CVE-2012-0299)

A remote, unauthenticated attacker could exploit the code execution vulnerabilities to execute commands as the apache user.  After exploitation, obtaining a root shell is trivial.

The remote web server is hosting a version of Symantec Web Gateway that is vulnerable to cross-site scripting attacks.  Input to the 'l' parameter of timer.php is not properly sanitized.  An attacker could exploit this by tricking a user into making a malicious request, resulting in arbitrary script code execution.  There are reportedly other cross-site scripting vulnerabilities in this version of the software, though Nessus has not checked for those issues.

ID	Name	Product	Family	Severity
59209	Symantec Web Gateway < 5.0.3 Multiple Vulnerabilities (SYM12-006) (version check)	Nessus	CGI abuses	critical
59097	Symantec Web Gateway timer.php XSS (SYM12-006)	Nessus	CGI abuses : XSS	medium

Detections

Analytics

CVE-2012-0296

medium

Tenable Plugins

critical

medium