Symantec Web Gateway < 5.0.3 Multiple Vulnerabilities (SYM12-006) (version check)
Critical Nessus Plugin ID 59209
A web security application hosted on the remote web server has multiple vulnerabilities.
According to its self-reported version number, the remote web server is hosting Symantec Web Gateway before version 5.0.3, which has the following vulnerabilities : -There are multiple cross-site scripting vulnerabilities. (CVE-2012-0296) - Multiple shell command injection and local file inclusion vulnerabilities exist that could lead to arbitrary code execution. (CVE-2012-0297) - Unauthenticated users are allowed to read/delete arbitrary files as root. (CVE-2012-0298) - A file upload vulnerability exists that could lead to arbitrary code execution. (CVE-2012-0299) A remote, unauthenticated attacker could exploit the code execution vulnerabilities to execute commands as the apache user. After exploitation, obtaining a root shell is trivial.
Upgrade to Symantec Web Gateway version 5.0.3 or later.