Homeland Security: Symantec Web Gateway Vulnerable

June 19, 2014 | By Kevin Judge

According to Homeland Security’s Computer Emergency Response Team (US-CERT), the Symantec Web Gateway contains SQL injection and cross-site scripting vulnerabilities.

Symantec Web Gateway 5.1.1.24, and possibly earlier versions, contains a cross-site scripting vulnerability in the filter_date_period, variable and operator parameters of the /spywall/entSummary.php, /spywall/custom_report.php, /spywall/host_spy_report.php and /spywall/repairedclients.php pages.

This means that a remote unauthenticated attacker may be able to inject arbitrary script or SQL commands. Symantec Web Gateway users should upgrade to 5.2.1 or later.

Homeland Security recommends that you only allow connections from trusted hosts and networks to prevent an attacker from accessing the web interface using stolen credentials from a blocked network location.

Restricting access will not prevent XSS or SQLi attacks since the attack comes as a request from a legitimate user’s host.

Symantec Web Gateway is web filtering software intended to protect an organization against malware.
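For teams that cannot upgrade immediately, the following added example (not from US-CERT, Symantec or the original article) triages web access logs for requests to the four pages named above that carry any of the three named parameters with markup or SQL syntax in the value. The combined-style log format, the marker heuristics and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Pages and parameters named in the advisory text above.
PAGES = {
    "/spywall/entSummary.php",
    "/spywall/custom_report.php",
    "/spywall/host_spy_report.php",
    "/spywall/repairedclients.php",
}
PARAMS = {"filter_date_period", "variable", "operator"}

# Assumption: heuristic markers of markup or SQL syntax; tune for your data.
SUSPICIOUS = re.compile(r"""[<>"'`;]|--|/\*|\b(?:union|select|script|onerror)\b""", re.I)

# Assumption: "combined"-style access log: client ident user [time] "METHOD target HTTP/x"
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jun/2014:10:00:00 +0000] "GET /spywall/entSummary.php?filter_date_period=7 HTTP/1.1" 200 512',
    '192.0.2.44 - - [19/Jun/2014:10:01:00 +0000] "GET /spywall/custom_report.php?variable=%3Cb%3E HTTP/1.1" 200 512',
    '192.0.2.44 - - [19/Jun/2014:10:02:00 +0000] "GET /spywall/host_spy_report.php?operator=7%27-- HTTP/1.1" 200 512',
    '192.0.2.10 - - [19/Jun/2014:10:03:00 +0000] "GET /index.php?variable=%3Cb%3E HTTP/1.1" 200 512',
]

def flag_line(line):
    """Return (client, page, param, value) tuples for suspicious parameters."""
    m = REQUEST.match(line)
    if not m:
        return []
    client, _method, target = m.groups()
    parts = urlsplit(target)
    if parts.path not in PAGES:
        return []
    # parse_qsl percent-decodes, so encoded values are checked in decoded form.
    # Limitation: parameters sent in a POST body do not appear in access logs.
    return [(client, parts.path, name, value)
            for name, value in parse_qsl(parts.query, keep_blank_values=True)
            if name in PARAMS and SUSPICIOUS.search(value)]

def scan(lines):
    """Collect hits across all log lines, preserving log order."""
    hits = []
    for line in lines:
        hits.extend(flag_line(line))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Because the article notes that these requests can originate from a legitimate user's host, a hit from a trusted address still warrants review.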
