VU#108471

54429

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00

symantec-web-mechanism-file-include(77113)

The Symantec Web Gateway install on the remote host is affected by a remote shell command execution vulnerability due to its failure to sanitize input to the 'ip' parameter of the 'fromha.php' script.

An unauthenticated, remote attacker can exploit this vulnerability to save a random PHP script on the affected host and then execute that as a privileged user. 

Note that this install is likely affected by several other issues, although this plugin has not checked for them.

CVE-2012-2957

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins