Details of VAR-200412-0184

ID

VAR-200412-0184

CVE

CVE-2004-1483

TITLE

The ActiveX and HTML file browsers of the Symantec 4400 Series Clientless VPN Gateway contains various unspecified vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#760256

DESCRIPTION

Multiple unknown vulnerabilities in the ActiveX and HTML file browsers in Symantec Clientless VPN Gateway 4400 Series 5.0 have unknown attack vectors and unknown impact. The issues include multiple vulnerabilities related to the ActiveX and HTML file browser, cross-site scripting vulnerabilities in the end user interface, and a vulnerability in the end user interface that will allow an unauthorized user to change another user's single signon information. Remote attackers can use this vulnerability to modify other users' authentication information. No detailed vulnerability details are currently available. Cross-site scripting issues have also been reported by end users. 2) Various unspecified input validation errors within the end user UI can be exploited to conduct cross-site scripting attacks. 3) An error within the end user UI can be exploited by malicious users to manipulate other users' signon information (including username and password). SOLUTION: A hotfix is available: ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/SCVG5-20040806-00.tgz PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf3-readme.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2004-1483 // CERT/CC: VU#760256 // BID: 10903 // VULHUB: VHN-9913 // PACKETSTORM: 34006

AFFECTED PRODUCTS

vendor:	symantec	model:	clientless vpn gateway 4400	scope:	eq	version:	5.0	Trust: 1.6
vendor:	symantec	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	clientless vpn gateway series	scope:	eq	version:	44005.0	Trust: 0.3

sources: CERT/CC: VU#760256 // BID: 10903 // CNNVD: CNNVD-200412-1172 // NVD: CVE-2004-1483

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1483
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#760256
value:	0.62
Trust: 0.8
CNNVD:	CNNVD-200412-1172
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-9913
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1483
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9913
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#760256 // VULHUB: VHN-9913 // CNNVD: CNNVD-200412-1172 // NVD: CVE-2004-1483

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1483

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-1172

TYPE

Unknown

Trust: 0.9

sources: BID: 10903 // CNNVD: CNNVD-200412-1172

EXTERNAL IDS

db:	SECUNIA	id:	12254	Trust: 2.6
db:	OSVDB	id:	8508	Trust: 2.5
db:	CERT/CC	id:	VU#760256	Trust: 2.5
db:	BID	id:	10903	Trust: 2.0
db:	NVD	id:	CVE-2004-1483	Trust: 1.7
db:	SECTRACK	id:	1010918	Trust: 0.8
db:	XF	id:	16933	Trust: 0.6
db:	NSFOCUS	id:	6788	Trust: 0.6
db:	CNNVD	id:	CNNVD-200412-1172	Trust: 0.6
db:	VULHUB	id:	VHN-9913	Trust: 0.1
db:	PACKETSTORM	id:	34006	Trust: 0.1

sources: CERT/CC: VU#760256 // VULHUB: VHN-9913 // BID: 10903 // PACKETSTORM: 34006 // CNNVD: CNNVD-200412-1172 // NVD: CVE-2004-1483

REFERENCES

url:	ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf3-readme.txt	Trust: 2.8
url:	http://secunia.com/advisories/12254/	Trust: 2.6
url:	http://www.securityfocus.com/bid/10903	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/760256	Trust: 1.7
url:	http://www.osvdb.org/8508	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16933	Trust: 1.1
url:	http://www.securitytracker.com/alerts/2004/aug/1010918.html	Trust: 0.8
url:	http://securityresponse.symantec.com/avcenter/security/content/2004.08.13.html	Trust: 0.8
url:	http://www.osvdb.org/displayvuln.php?osvdb_id=8508	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/16933	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/6788	Trust: 0.6
url:	http://enterprisesecurity.symantec.com/products/products.cfm?productid=342&eid=0	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/3283/	Trust: 0.1

sources: CERT/CC: VU#760256 // VULHUB: VHN-9913 // BID: 10903 // PACKETSTORM: 34006 // CNNVD: CNNVD-200412-1172 // NVD: CVE-2004-1483

CREDITS

Symantec

Trust: 0.6

sources: CNNVD: CNNVD-200412-1172

SOURCES

db:	CERT/CC	id:	VU#760256
db:	VULHUB	id:	VHN-9913
db:	BID	id:	10903
db:	PACKETSTORM	id:	34006
db:	CNNVD	id:	CNNVD-200412-1172
db:	NVD	id:	CVE-2004-1483

LAST UPDATE DATE

2024-08-14T14:35:51.542000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#760256	date:	2004-10-20T00:00:00
db:	VULHUB	id:	VHN-9913	date:	2017-07-11T00:00:00
db:	BID	id:	10903	date:	2004-08-06T00:00:00
db:	CNNVD	id:	CNNVD-200412-1172	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1483	date:	2017-07-11T01:31:04.357

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#760256	date:	2004-10-20T00:00:00
db:	VULHUB	id:	VHN-9913	date:	2004-12-31T00:00:00
db:	BID	id:	10903	date:	2004-08-06T00:00:00
db:	PACKETSTORM	id:	34006	date:	2004-08-11T00:30:13
db:	CNNVD	id:	CNNVD-200412-1172	date:	2004-08-10T00:00:00
db:	NVD	id:	CVE-2004-1483	date:	2004-12-31T05:00:00