cvelistv5 - cve-2013-1616

cve-2013-1616

Vulnerability from cvelistv5

Published

2013-07-31 15:00

Modified

2024-08-06 15:04

Severity ?

Summary

The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.

References

URL	Tags
secure@symantec.com	http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html
secure@symantec.com	http://www.securityfocus.com/bid/61106
secure@symantec.com	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00	Vendor Advisory
secure@symantec.com	https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/61106
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:04:49.540Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "61106",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61106"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-15T13:57:00",
        "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "shortName": "symantec"
      },
      "references": [
        {
          "name": "61106",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/61106"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "ID": "CVE-2013-1616",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "61106",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/61106"
            },
            {
              "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00"
            },
            {
              "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt",
              "refsource": "MISC",
              "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt"
            },
            {
              "name": "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
    "assignerShortName": "symantec",
    "cveId": "CVE-2013-1616",
    "datePublished": "2013-07-31T15:00:00",
    "dateReserved": "2013-02-04T00:00:00",
    "dateUpdated": "2024-08-06T15:04:49.540Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-1616\",\"sourceIdentifier\":\"secure@symantec.com\",\"published\":\"2013-08-01T13:32:21.367\",\"lastModified\":\"2024-11-21T01:50:00.377\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.\"},{\"lang\":\"es\",\"value\":\"La consola de gesti\u00f3n de Symantec Web Gateway (SWG) , permite a atacantes remotos ejecutar comandos arbitrarios inyectandolos en el script de una aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":8.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.5,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1\",\"matchCriteriaId\":\"7B2BB75F-9AB3-4A27-993C-BD2077F4F3A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:web_gateway:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F5B7857-75D5-4F77-81BF-7B55F743FD5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:web_gateway:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4525DE38-3B1F-490C-A772-BA0456FB6126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:web_gateway:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3956706B-44B9-40BC-9AAB-78A9583A2858\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:web_gateway:5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E5B2ABA-234A-43B1-8D91-33255F85AA26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:web_gateway:5.0.3.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6286A061-2426-48A5-BCA2-CAB90D3B7406\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:symantec:web_gateway_appliance_8450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4A72858-FBDC-4587-AC69-0BFA99031F92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:symantec:web_gateway_appliance_8490:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9149CE42-E9F2-4778-8E79-3E1960F813D3\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html\",\"source\":\"secure@symantec.com\"},{\"url\":\"http://www.securityfocus.com/bid/61106\",\"source\":\"secure@symantec.com\"},{\"url\":\"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00\",\"source\":\"secure@symantec.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt\",\"source\":\"secure@symantec.com\"},{\"url\":\"http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/61106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-h6vj-hgf8-4cf9

Vulnerability from github

Published

2022-05-17 04:54

Modified

2022-05-17 04:54

Details

The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-1616"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-08-01T13:32:00Z",
    "severity": "HIGH"
  },
  "details": "The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.",
  "id": "GHSA-h6vj-hgf8-4cf9",
  "modified": "2022-05-17T04:54:16Z",
  "published": "2022-05-17T04:54:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1616"
    },
    {
      "type": "WEB",
      "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/61106"
    },
    {
      "type": "WEB",
      "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2013-1616

Vulnerability from fkie_nvd

Published

2013-08-01 13:32

Modified

2024-11-21 01:50

Severity ?

Summary

The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.

References

URL	Tags
secure@symantec.com	http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html
secure@symantec.com	http://www.securityfocus.com/bid/61106
secure@symantec.com	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00	Vendor Advisory
secure@symantec.com	https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/61106
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt

Impacted products

Vendor	Product	Version
symantec	web_gateway	*
symantec	web_gateway	5.0
symantec	web_gateway	5.0.1
symantec	web_gateway	5.0.2
symantec	web_gateway	5.0.3
symantec	web_gateway	5.0.3.18
symantec	web_gateway_appliance_8450	-
symantec	web_gateway_appliance_8490	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2BB75F-9AB3-4A27-993C-BD2077F4F3A9",
              "versionEndIncluding": "5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:web_gateway:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F5B7857-75D5-4F77-81BF-7B55F743FD5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:web_gateway:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4525DE38-3B1F-490C-A772-BA0456FB6126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:web_gateway:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3956706B-44B9-40BC-9AAB-78A9583A2858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:web_gateway:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5B2ABA-234A-43B1-8D91-33255F85AA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:web_gateway:5.0.3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6286A061-2426-48A5-BCA2-CAB90D3B7406",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:symantec:web_gateway_appliance_8450:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4A72858-FBDC-4587-AC69-0BFA99031F92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:symantec:web_gateway_appliance_8490:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9149CE42-E9F2-4778-8E79-3E1960F813D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script."
    },
    {
      "lang": "es",
      "value": "La consola de gesti\u00f3n de Symantec Web Gateway (SWG) , permite a atacantes remotos ejecutar comandos arbitrarios inyectandolos en el script de una aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2013-1616",
  "lastModified": "2024-11-21T01:50:00.377",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-08-01T13:32:21.367",
  "references": [
    {
      "source": "secure@symantec.com",
      "url": "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html"
    },
    {
      "source": "secure@symantec.com",
      "url": "http://www.securityfocus.com/bid/61106"
    },
    {
      "source": "secure@symantec.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00"
    },
    {
      "source": "secure@symantec.com",
      "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/61106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt"
    }
  ],
  "sourceIdentifier": "secure@symantec.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script. Symantec Web Gateway is prone to a remote command-injection vulnerability. Successful exploits will result in the execution of arbitrary commands with elevated privileges in the context of the affected appliance. Versions prior to Symantec Web Gateway 5.1.1 are vulnerable. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more. A security vulnerability exists in the management console of SWG Appliance 5.1 and earlier. SEC Consult Vulnerability Lab Security Advisory < 20130726-0 > ======================================================================= title: Multiple vulnerabilities - Surveillance via Symantec Web Gateway product: Symantec Web Gateway vulnerable version: <= 5.1.0.* fixed version: 5.1.1 CVE number: CVE-2013-1616, CVE-2013-1617, CVE-2013-4670, CVE-2013-4671, CVE-2013-4672 impact: Critical homepage: https://www.symantec.com/ found: 2012-12-18 by: Wolfgang Ettlinger SEC Consult Vulnerability Lab https://www.sec-consult.com =======================================================================

Vendor/product description:

"Symantec Web Gateway protects organizations against multiple types of Web-borne malware and gives organizations the flexibility of deploying it as either a virtual appliance or on physical hardware. Powered by Insight, Symantec’s innovative reputation based malware filtering technology, Web Gateway relies on a global network of greater than 210 million systems to identify new threats before they cause disruption in organizations."

URL: https://www.symantec.com/web-gateway

Business recommendation:

SEC Consult has identified several vulnerabilities within the components of Symantec Web Gateway in the course of a short crash test. Some components have been spot-checked, while others have not been tested at all.

An attacker can get unauthorized access to the appliance and plant backdoors or access configuration files containing credentials for other systems (eg. Active Directory/LDAP credentials) which can be used in further attacks. Since all web traffic passes through the appliance, interception of HTTP as well as the plaintext form of HTTPS traffic (if SSL Deep Inspection feature in use), including sensitive information like passwords and session cookies is possible.

If SSL Deep Inspection is enabled, the appliance holds a private key for a Certificate Authority (CA) certificate that is installed/trusted on all workstations in the company. If this private key is compromised by an attacker, arbitrary certificates can be signed. These certificates will then pass validation on the client machines, enabling in various attacks targeting clients (further MITM attacks, phishing, evilgrade, ...).

The recommendation of SEC Consult is to switch off the product until a comprehensive security audit based on a security source code review has been performed and all identified security deficiencies have been resolved by the vendor.

Vulnerability overview/description:

1) Reflected Cross Site Scripting (XSS) (CVE-2013-4670) A reflected cross site scripting vulnerability was found. This allows effective session hijacking attacks of administrator session cookies.

2) Persistent Cross Site Scripting (XSS) (CVE-2013-4670) Moreover a persistent cross site scripting vulnerability allows an unauthenticated user to inject script code into the administration interface. This script code will be executed once an administrator visits the administration interface.

3) OS Command Injection (CVE-2013-1616) Multiple OS command injection vulnerabilities were discovered. Authenticated users can execute arbitrary commands on the underlying operating system with the privileges of the "apache" operating system user.

This can be used to get persistent access to the affected system (eg. by planting backdoors), accessing all kinds of locally stored information or interception of web traffic that passes through the appliance.

4) Security Misconfiguration (CVE-2013-4672) Unprivileged operating system users (eg. apache) can gain root privileges due to a misconfiguration of the sudo program.

5) SQL Injection (CVE-2013-1617) Several SQL injection vulnerabilities were identified that allow an authenticated administrator to issue manipulated SQL commands.

6) Cross Site Request Forgery (CVE-2013-4671) The cross site request forgery protection implemented can be bypassed easily. Using this vulnerability, an attacker can issue requests in the context of administrative user sessions.

Proof of concept:

1) Reflected Cross Site Scripting (XSS) (CVE-2013-4670) The following URL demonstrates a reflected cross site scripting vulnerability:

https:///spywall/feedback_report.php?rpp=0%27%20onfocus=%22alert%28%27xss%27%29%22%20autofocus/%3E

2) Persistent Cross Site Scripting (XSS) (CVE-2013-4670) The "blocked.php" page which is accessible without authentication allows to inject script code to the "Blocking Feedback" functionality on the administration interface. The following URL demonstrates this issue. The payload of the parameter "u" will be stored permanently:

https:///spywall/blocked.php?id=1&history=-2&u=%27/%3E%3Cscript%3Ealert%28%27xss%27%29;%3C/script%3E

3) OS Command Injection (CVE-2013-1616) The functionality to change the hostname as well as the "Test Ping" functionality allow to inject commands enclosed in backticks (`). These commands are run as the system user "apache". Affected scripts: /spywall/nameConfig.php /spywall/networkConfig.php

Detailed proof of concept exploits have beem removed for this vulnerability.

4) Security Misconfiguration (CVE-2013-4672) The /etc/sudoers file allows the users "apache" and "admin" to run several critical commands with root privileges. As the user "apache" is able to run commands like "chmod", "chown" and "insmod" without the need of a password, an attacker that is able to issue commands as this user (see 3) can effectively gain root privileges.

5) SQL Injection (CVE-2013-1617) The following URLs demonstrate the SQL injection flaws found by printing the username and password hash of all users:

https:///spywall/feedback_report.php?variable[]=1) UNION SELECT 1,2,3,4,username,6,7,8,9,password FROM users -- &operator[]=notequal&operand[]=x https:///spywall/edit_alert.php?alertid=11%20UNION%20SELECT%201,2,username,password,5,6,7,8,9,10,111,12,13,14,15,16,17,18%20FROM%20users%20--%20

6) Cross Site Request Forgery (CVE-2013-4671) As an example, the following request configures a LDAP server to authenticate administrative users:

POST /spywall/ldapConfig.php HTTP/1.1 Host: Cookie: PHPSESSID= Content-Type: application/x-www-form-urlencoded Content-Length: 247

posttime=9999999999&saveForm=Save&useldap=1&ldap_host=0.0.0.0&ldap_port=389&auth_method=Simple&search_base=dc%3Dtest%2Cdc%3Dlocal&ldap_user=test&ldap_password=test&dept_type=dept&user_attribute=sAMAccountName&user_attribute_other=&ldap_timeout=168

The sole CSRF protection is the "posttime" parameter that contains a unix timestamp that has to be greater than the one in the last request. Using the value of eg. "9999999999" would always succeed.

Attack scenario:

Using the vulnerabilities mentioned above, the following attack has been implemented (the exploit code will not be published):

1) A user protected by Symantec Web Gateway visits a website that embeds an image (possible in most web forums), a URL or an IFrame. The URL of the resource points to a blocked page (eg. the EICAR test file) and also includes script code (Persistent XSS). If the blocked URL contains the parameter "history=-2" (which has been added by the attacker) the URL/script (Persistent XSS) is automatically stored as a "Blocking Feedback" entry in the admin interface 3) When the administrator visits the "Blocking Feedback" page, the injected script is executed. Using the OS command injection flaw, the script now automatically downloads and executes a shell script. 4) As the user "apache" has permission to execute "chmod" and "chown" as root, the shell script can now create a SUID binary and run a reverse shell as root. 5) The attacker can now access the system with highest (root) privileges

Note: This attack only requires a user (protected by the Symantec Web Gateway) to visit a "malicious" page. This can be achieved by sending phishing mails to employees, or embedding images, URLs or IFrames in websites employees would likely visit.

If the attacker has already access to the target network, this is of course not necessary - the persistent XSS vulnerability can be exploited directly.

Note: No prior knowledge about hostnames or internal IP addresses in the target network is needed!

A detailed proof of concept exploit has been created but will not be published.

Vendor contact timeline:

2013-02-22: Sending advisory and proof of concept exploit via encrypted channel. 2013-02-22: Vendor acknowledges receipt of advisory. 2013-03-05: Requesting status update. 2013-03-05: Vendor confirms vulnerabilities, is working on solutions. 2013-03-22: Requesting status update. 2013-03-22: Vendor is still working on solutions. 2013-04-19: Requesting status update and release schedule. 2013-04-19: Vendor is in the "final phases" of releasing an update. 2013-06-05: Sending reminder regarding deadlindes defined in disclosure policy. 2013-06-05: Vendor will release an update in "Mid-July". 2013-07-16: Vendor postpones update to timeframe beween July 22 and 25. 2013-07-25: Vendor releases advisory and product update (version 5.1.1). 2013-07-26: SEC Consult releases coordinated security advisory.

More information can be found at: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00

Workaround:

No workaround available.

Advisory URL:

https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SEC Consult Vulnerability Lab

SEC Consult Vienna - Bangkok - Frankfurt/Main - Montreal - Singapore - Vilnius

Headquarter: Mooslackengasse 17, 1190 Vienna, Austria Phone: +43 1 8903043 0 Fax: +43 1 8903043 15

Mail: research at sec-consult dot com Web: https://www.sec-consult.com Blog: http://blog.sec-consult.com Twitter: https://twitter.com/sec_consult

EOF Wolfgang Ettlinger / @2013

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201308-0059",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "5.0.3.18"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "5.0.3"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "5.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "5.0.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "5.0.2"
      },
      {
        "model": "web gateway appliance 8490",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "5.1"
      },
      {
        "model": "web gateway appliance 8450",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "5.1.1"
      },
      {
        "model": "web gateway the appliance 8450",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "web gateway the appliance 8490",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "5.1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003618"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-581"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1616"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:web_gateway",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:symantec:web_gateway_appliance_8450",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:symantec:web_gateway_appliance_8490",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003618"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stefan Viehb??ck of SEC Consult",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-581"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2013-1616",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2013-1616",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "VHN-61618",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-1616",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-1616",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201307-581",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-61618",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61618"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003618"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-581"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1616"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script. Symantec Web Gateway is prone to a remote command-injection vulnerability. \nSuccessful exploits will result in the execution of arbitrary commands with elevated privileges in the context of the affected appliance. \nVersions prior to Symantec Web Gateway 5.1.1 are vulnerable. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more. A security vulnerability exists in the management console of SWG Appliance 5.1 and earlier. SEC Consult Vulnerability Lab Security Advisory \u003c 20130726-0 \u003e\n=======================================================================\n              title: Multiple vulnerabilities - Surveillance via Symantec Web\n                     Gateway \n            product: Symantec Web Gateway\n vulnerable version: \u003c= 5.1.0.*\n      fixed version: 5.1.1\n         CVE number: CVE-2013-1616, CVE-2013-1617, CVE-2013-4670, \n                     CVE-2013-4671, CVE-2013-4672\n             impact: Critical\n           homepage: https://www.symantec.com/\n              found: 2012-12-18\n                 by: Wolfgang Ettlinger\n                     SEC Consult Vulnerability Lab \n                     https://www.sec-consult.com\n=======================================================================\n\nVendor/product description:\n-----------------------------\n\"Symantec Web Gateway protects organizations against multiple types of Web-borne\nmalware and gives organizations the flexibility of deploying it as either a \nvirtual appliance or on physical hardware. Powered by Insight, Symantec\u2019s \ninnovative reputation based malware filtering technology, Web Gateway relies on \na global network of greater than 210 million systems to identify new threats \nbefore they cause disruption in organizations.\"\n\nURL: https://www.symantec.com/web-gateway\n\n\nBusiness recommendation:\n------------------------\nSEC Consult has identified several vulnerabilities within the components of\nSymantec Web Gateway in the course of a short crash test. Some components have\nbeen spot-checked, while others have not been tested at all. \n\nAn attacker can get unauthorized access to the appliance and plant backdoors or\naccess configuration files containing credentials for other systems (eg. Active\nDirectory/LDAP credentials) which can be used in further attacks. \nSince all web traffic passes through the appliance, interception of HTTP as\nwell as the plaintext form of HTTPS traffic (if SSL Deep Inspection feature in\nuse), including sensitive information like passwords and session cookies is\npossible. \n\nIf SSL Deep Inspection is enabled, the appliance holds a private key for a\nCertificate Authority (CA) certificate that is installed/trusted on all\nworkstations in the company. If this private key is compromised by an attacker,\narbitrary certificates can be signed. These certificates will then pass\nvalidation on the client machines, enabling in various attacks targeting\nclients (further MITM attacks, phishing, evilgrade, ...). \n\nThe recommendation of SEC Consult is to switch off the product until a\ncomprehensive security audit based on a security source code review has been\nperformed and all identified security deficiencies have been resolved by the\nvendor. \n\n\nVulnerability overview/description:\n-----------------------------------\n1) Reflected Cross Site Scripting (XSS) (CVE-2013-4670)\nA reflected cross site scripting vulnerability was found. This allows\neffective session hijacking attacks of administrator session cookies. \n\n\n2) Persistent Cross Site Scripting (XSS) (CVE-2013-4670)\nMoreover a persistent cross site scripting vulnerability allows an \nunauthenticated user to inject script code into the administration interface. \nThis script code will be executed once an administrator visits the\nadministration interface. \n\n\n3) OS Command Injection (CVE-2013-1616)\nMultiple OS command injection vulnerabilities were discovered. Authenticated\nusers can execute arbitrary commands on the underlying operating system with\nthe privileges of the \"apache\" operating system user. \n\nThis can be used to get persistent access to the affected system (eg. by\nplanting backdoors), accessing all kinds of locally stored information or\ninterception of web traffic that passes through the appliance. \n\n\n4) Security Misconfiguration (CVE-2013-4672)\nUnprivileged operating system users (eg. apache) can gain root privileges\ndue to a misconfiguration of the sudo program. \n\n\n5) SQL Injection (CVE-2013-1617)\nSeveral SQL injection vulnerabilities were identified that allow an \nauthenticated administrator to issue manipulated SQL commands. \n\n\n6) Cross Site Request Forgery (CVE-2013-4671)\nThe cross site request forgery protection implemented can be bypassed easily. \nUsing this vulnerability, an attacker can issue requests in the context of\nadministrative user sessions. \n\n\nProof of concept:\n-----------------\n1) Reflected Cross Site Scripting (XSS) (CVE-2013-4670)\nThe following URL demonstrates a reflected cross site scripting vulnerability:\n\nhttps://\u003chost\u003e/spywall/feedback_report.php?rpp=0%27%20onfocus=%22alert%28%27xss%27%29%22%20autofocus/%3E\n\n\n2) Persistent Cross Site Scripting (XSS) (CVE-2013-4670)\nThe \"blocked.php\" page which is accessible without authentication allows to\ninject script code to the \"Blocking Feedback\" functionality on the \nadministration interface. The following URL demonstrates this issue. The\npayload of the parameter \"u\" will be stored permanently:\n\nhttps://\u003chost\u003e/spywall/blocked.php?id=1\u0026history=-2\u0026u=%27/%3E%3Cscript%3Ealert%28%27xss%27%29;%3C/script%3E\n\n\n3) OS Command Injection (CVE-2013-1616)\nThe functionality to change the hostname as well as the \"Test Ping\" \nfunctionality allow to inject commands enclosed in backticks (`). These commands\nare run as the system user \"apache\". \nAffected scripts: /spywall/nameConfig.php\n                  /spywall/networkConfig.php\n\nDetailed proof of concept exploits have beem removed for this vulnerability. \n\n\n4) Security Misconfiguration (CVE-2013-4672)\nThe /etc/sudoers file allows the users \"apache\" and \"admin\" to run several \ncritical commands with root privileges. As the user \"apache\" is able to run\ncommands  like \"chmod\", \"chown\" and \"insmod\" without the need of a password,\nan attacker that is able to issue commands as this user (see 3) can effectively\ngain root privileges. \n\n\n5) SQL Injection (CVE-2013-1617)\nThe following URLs demonstrate the SQL injection flaws found by printing the \nusername and password hash of all users:\n\nhttps://\u003chost\u003e/spywall/feedback_report.php?variable[]=1) UNION SELECT 1,2,3,4,username,6,7,8,9,password FROM users -- \u0026operator[]=notequal\u0026operand[]=x\nhttps://\u003chost\u003e/spywall/edit_alert.php?alertid=11%20UNION%20SELECT%201,2,username,password,5,6,7,8,9,10,111,12,13,14,15,16,17,18%20FROM%20users%20--%20\n\n\n6) Cross Site Request Forgery (CVE-2013-4671)\nAs an example, the following request configures a LDAP server to authenticate\nadministrative users:\n\nPOST /spywall/ldapConfig.php HTTP/1.1\nHost: \u003chost\u003e\nCookie: PHPSESSID=\u003cvalid-cookie\u003e\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 247\n\nposttime=9999999999\u0026saveForm=Save\u0026useldap=1\u0026ldap_host=0.0.0.0\u0026ldap_port=389\u0026auth_method=Simple\u0026search_base=dc%3Dtest%2Cdc%3Dlocal\u0026ldap_user=test\u0026ldap_password=test\u0026dept_type=dept\u0026user_attribute=sAMAccountName\u0026user_attribute_other=\u0026ldap_timeout=168\n\nThe sole CSRF protection is the \"posttime\" parameter that contains a unix \ntimestamp that has to be greater than the one in the last request. Using the value\nof eg. \"9999999999\" would always succeed. \n\n\n\nAttack scenario:\n----------------\n\nUsing the vulnerabilities mentioned above, the following attack has been\nimplemented (the exploit code will not be published):\n\n1) A user protected by Symantec Web Gateway visits a website that embeds an\n   image (possible in most web forums), a URL or an IFrame. The URL of the\n   resource points to a blocked page (eg. the EICAR test file) and also\n   includes script code (Persistent XSS). If the blocked URL contains the parameter \"history=-2\"\n   (which has been added by the attacker) the URL/script (Persistent XSS) is\n   automatically stored as a \"Blocking Feedback\" entry in the admin interface\n3) When the administrator visits the \"Blocking Feedback\" page, the injected \n   script is executed. Using the OS command injection flaw, the script now\n   automatically downloads and executes a shell script. \n4) As the user \"apache\" has permission to execute \"chmod\" and \"chown\" as root, \n   the shell script can now create a SUID binary and run a reverse shell as root. \n5) The attacker can now access the system with highest (root) privileges\n\nNote: This attack only requires a user (protected by the Symantec Web\nGateway) to visit a \"malicious\" page. This can be achieved by sending phishing\nmails to employees, or embedding images, URLs or IFrames in websites employees\nwould likely visit. \n\nIf the attacker has already access to the target network, this is of course not\nnecessary - the persistent XSS vulnerability can be exploited directly. \n\nNote: No prior knowledge about hostnames or internal IP addresses in the target\nnetwork is needed!\n\nA detailed proof of concept exploit has been created but will not be\npublished. \n\n\nVendor contact timeline:\n------------------------\n2013-02-22: Sending advisory and proof of concept exploit via encrypted\n            channel. \n2013-02-22: Vendor acknowledges receipt of advisory. \n2013-03-05: Requesting status update. \n2013-03-05: Vendor confirms vulnerabilities, is working on solutions. \n2013-03-22: Requesting status update. \n2013-03-22: Vendor is still working on solutions. \n2013-04-19: Requesting status update and release schedule. \n2013-04-19: Vendor is in the \"final phases\" of releasing an update. \n2013-06-05: Sending reminder regarding deadlindes defined in disclosure policy. \n2013-06-05: Vendor will release an update in \"Mid-July\". \n2013-07-16: Vendor postpones update to timeframe beween July 22 and 25. \n2013-07-25: Vendor releases advisory and product update (version 5.1.1). \n2013-07-26: SEC Consult releases coordinated security advisory. \n\nMore information can be found at:\nhttp://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00\n\n\n\nWorkaround:\n-----------\nNo workaround available. \n\n\n\nAdvisory URL:\n--------------\nhttps://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm\n\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nSEC Consult Vulnerability Lab\n\nSEC Consult\nVienna - Bangkok - Frankfurt/Main - Montreal - Singapore - Vilnius\n\nHeadquarter:\nMooslackengasse 17, 1190 Vienna, Austria\nPhone:   +43 1 8903043 0\nFax:     +43 1 8903043 15\n\nMail: research at sec-consult dot com\nWeb: https://www.sec-consult.com\nBlog: http://blog.sec-consult.com\nTwitter: https://twitter.com/sec_consult\n\nEOF Wolfgang Ettlinger / @2013\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-1616"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003618"
      },
      {
        "db": "BID",
        "id": "61106"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61618"
      },
      {
        "db": "PACKETSTORM",
        "id": "122556"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-61618",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61618"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-1616",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "61106",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "122556",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003618",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-581",
        "trust": 0.7
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-80755",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "27136",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-61618",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61618"
      },
      {
        "db": "BID",
        "id": "61106"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003618"
      },
      {
        "db": "PACKETSTORM",
        "id": "122556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-581"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1616"
      }
    ]
  },
  "id": "VAR-201308-0059",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61618"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T13:48:22.819000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM13-008",
        "trust": 0.8,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00"
      },
      {
        "title": "SYM13-008",
        "trust": 0.8,
        "url": "http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003618"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61618"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003618"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1616"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/61106"
      },
      {
        "trust": 1.7,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/122556/symantec-web-gateway-xss-csrf-sql-injection-command-injection.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_symantec_web_gateway_multiple_vulnerabilities_v10.txt"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1616"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1616"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com/business/web-gateway"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=\u0026amp;suid=20130725_00"
      },
      {
        "trust": 0.1,
        "url": "https://\u003chost\u003e/spywall/feedback_report.php?variable[]=1)"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/sec_consult"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1617"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1616"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4672"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4670"
      },
      {
        "trust": 0.1,
        "url": "https://\u003chost\u003e/spywall/blocked.php?id=1\u0026history=-2\u0026u=%27/%3e%3cscript%3ealert%28%27xss%27%29;%3c/script%3e"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/web-gateway"
      },
      {
        "trust": 0.1,
        "url": "http://blog.sec-consult.com"
      },
      {
        "trust": 0.1,
        "url": "https://\u003chost\u003e/spywall/edit_alert.php?alertid=11%20union%20select%201,2,username,password,5,6,7,8,9,10,111,12,13,14,15,16,17,18%20from%20users%20--%20"
      },
      {
        "trust": 0.1,
        "url": "https://\u003chost\u003e/spywall/feedback_report.php?rpp=0%27%20onfocus=%22alert%28%27xss%27%29%22%20autofocus/%3e"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com/en/vulnerability-lab/advisories.htm"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61618"
      },
      {
        "db": "BID",
        "id": "61106"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003618"
      },
      {
        "db": "PACKETSTORM",
        "id": "122556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-581"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1616"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-61618"
      },
      {
        "db": "BID",
        "id": "61106"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003618"
      },
      {
        "db": "PACKETSTORM",
        "id": "122556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-581"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1616"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-08-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-61618"
      },
      {
        "date": "2013-07-17T00:00:00",
        "db": "BID",
        "id": "61106"
      },
      {
        "date": "2013-08-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003618"
      },
      {
        "date": "2013-07-26T19:28:22",
        "db": "PACKETSTORM",
        "id": "122556"
      },
      {
        "date": "2013-07-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201307-581"
      },
      {
        "date": "2013-08-01T13:32:21.367000",
        "db": "NVD",
        "id": "CVE-2013-1616"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-61618"
      },
      {
        "date": "2013-07-26T03:04:00",
        "db": "BID",
        "id": "61106"
      },
      {
        "date": "2013-08-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003618"
      },
      {
        "date": "2013-08-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201307-581"
      },
      {
        "date": "2014-01-17T05:13:29.660000",
        "db": "NVD",
        "id": "CVE-2013-1616"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-581"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Web Gateway An arbitrary command execution vulnerability in the appliance management console",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003618"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-581"
      }
    ],
    "trust": 0.6
  }
}

gsd-2013-1616

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.

Aliases

CVE-2013-1616

Aliases

CVE-2013-1616

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-1616",
    "description": "The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.",
    "id": "GSD-2013-1616",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2013-1616"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-1616"
      ],
      "details": "The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.",
      "id": "GSD-2013-1616",
      "modified": "2023-12-13T01:22:20.533073Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@symantec.com",
        "ID": "CVE-2013-1616",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "61106",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/61106"
          },
          {
            "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00",
            "refsource": "CONFIRM",
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00"
          },
          {
            "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt",
            "refsource": "MISC",
            "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt"
          },
          {
            "name": "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:symantec:web_gateway:5.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:symantec:web_gateway:5.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:symantec:web_gateway:5.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:symantec:web_gateway:5.0.3.18:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:symantec:web_gateway:5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:symantec:web_gateway_appliance_8450:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:symantec:web_gateway_appliance_8490:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "ID": "CVE-2013-1616"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "61106",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/61106"
            },
            {
              "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130725_00"
            },
            {
              "name": "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html"
            },
            {
              "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2014-01-17T05:13Z",
      "publishedDate": "2013-08-01T13:32Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2013-1616

Vulnerability from cvelistv5

ghsa-h6vj-hgf8-4cf9

Vulnerability from github

fkie_cve-2013-1616

Vulnerability from fkie_nvd

var-201308-0059

Vulnerability from variot

Vendor/product description:

Business recommendation:

Vulnerability overview/description:

Proof of concept:

Attack scenario:

Vendor contact timeline:

Workaround:

Advisory URL:

gsd-2013-1616

Vulnerability from gsd

Tags

Sightings

Nomenclature