Symantec Web Gateway login.php Blind SQL Injection (SYM11-001)

High

Synopsis

The web security application running on the remote host has a SQL injection vulnerability.

Description

Versions of Symantec Web Gateway 4.5 earlier than 4.5.0.376 are potentially affected by a SQL injection vulnerability. Input to the 'USERNAME' parameter of the 'login.php' script is not properly sanitized. A remote, unauthenticated attacker could exploit this to execute arbitrary SQL queries.

Solution

Upgrade to Symantec Web Gateway version 4.5.0.376 or later.