Symantec Reporting Server Improper URL Handling Exposure

medium Nessus Plugin ID 38653


The login page in the remote web server contains a URL handling error.


The remote host is running Symantec Reporting Server, a component of Symantec AntiVirus Corporate Edition, Symantec Client Security, and Symantec Endpoint Protection Manager that serves to create reports about the use of Symantec antivirus products in an enterprise environment.

The installed version of Reporting Server includes user-supplied input to the 'MSG' parameter of the 'Reporting/login/login.php' script on the login page. By tricking an authorized user into clicking on a specially crafted link, an attacker can cause an arbitrary message to be displayed, which in turn could facilitate phishing attacks against the affected site.


Upgrade as described in the vendor advisory.

See Also

Plugin Details

Severity: Medium

ID: 38653

File Name: symantec_reporting_server_url_handling.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 5/1/2009

Updated: 1/19/2021

Risk Information


Risk Factor: Low

Score: 3.4


Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:symantec:reporting_server, cpe:/a:symantec:antivirus, cpe:/a:symantec:antivirus_central_quarantine_server, cpe:/a:symantec:client_security, cpe:/a:symantec:endpoint_protection

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 4/28/2009

Reference Information

CVE: CVE-2009-1432

BID: 34668

CWE: 20

Secunia: 34935

IAVA: 2009-A-0037