The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors.

According to its self-reported version number, the remote web server is hosting Symantec Web Gateway before version 5.0.3, which has the following vulnerabilities :

  -There are multiple cross-site scripting vulnerabilities.
   (CVE-2012-0296)

  - Multiple shell command injection and local file inclusion     vulnerabilities exist that could lead to arbitrary code     execution. (CVE-2012-0297)

  - Unauthenticated users are allowed to read/delete arbitrary     files as root. (CVE-2012-0298)

  - A file upload vulnerability exists that could lead to     arbitrary code execution. (CVE-2012-0299)

A remote, unauthenticated attacker could exploit the code execution vulnerabilities to execute commands as the apache user.  After exploitation, obtaining a root shell is trivial.

Detections

Analytics

CVE-2012-0298

critical

Tenable Plugins

critical