In association with heise online

12 June 2012, 16:59

Multiple vulnerabilities in Symantec Web Gateway eliminated

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Symantec logo The GUI for the administration front end of Symantec Web Gateway 5.0 allows a series of attacks to occur which can, at worst, let attackers execute their own commands or code on the gateway. Demonstration exploits and a Metasploit module that implements the attacks are already publicly available.

Symantec has now provided Symantec Web Gateway 5.0.3, which fixes the four vulnerabilities: two highly rated code/command injection flaws and two medium rated flaws related to file download/deletion and exposure to cross-site scripting.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit