Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Symantec Web Gateway < 5.1.1 Multiple Vulnerabilities (SYM13-008)



The web security application running on the remote web server has multiple vulnerabilities


The remote web server is hosting Symantec Web Gateway application. Versions of Symantec Web Gateway 5.1.x, are potentially affected by the following vulnerabilities :

- Multiple cross-site scripting vulnerabilities exist.(CVE-2013-4670)

- It is possible to inject arbitrary operating system commands via the 'nameConfig.php' and 'networkConfig.php' scripts. (CVE-2013-1616)

- A misconfiguration in the '/etc/sudoers' file allows the user's 'apache' and 'admin' to run several commands with root privileges. (CVE-2013-4672)

- Multiple SQL injection vulnerabilities exist.(CVE-2013-1617)

- A cross-site request forgery vulnerability exists in the' ldapConfig.php' script. CVE-2013-4671).


Upgrade to Symantec Web Gateway version 5.1.1 or later.