Multiple vulnerabilities in Symantec Web Gateway eliminated
The GUI for the administration front end of Symantec Web Gateway 5.0 allows a series of attacks to occur which can, at worst, let attackers execute their own commands or code on the gateway. Demonstration exploits and a Metasploit module that implements the attacks are already publicly available.
Symantec has now provided Symantec Web Gateway 5.0.3, which fixes the four vulnerabilities: two highly rated code/command injection flaws and two medium rated flaws related to file download/deletion and exposure to cross-site scripting.
- Symantec Web Gateway Multiple Security Issues, a security advisory from Symantec.