ID

VAR-201107-0116


CVE

CVE-2011-0549


TITLE

Symantec Web Gateway of forget.php In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2011-004177

DESCRIPTION

SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the username parameter of POST requests to the forget.php script. Symantec Web Gateway is a Web security gateway hardware appliance. Attackers can obtain sensitive information or manipulate the database through SQL injection attacks. Exploiting this issue could allow an attacker to compromise the device, access or modify data, or exploit latent vulnerabilities in the underlying database. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more. ---------------------------------------------------------------------- The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. Read more and request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Symantec Web Gateway Management Interface "username" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA45146 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45146/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45146 RELEASE DATE: 2011-07-09 DISCUSS ADVISORY: http://secunia.com/advisories/45146/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45146/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45146 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Symantec Web Gateway, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 4.5.x. Other versions may also be affected SOLUTION: Upgrade to version 5.0.1. PROVIDED AND/OR DISCOVERED BY: An anonymous person via ZDI. ORIGINAL ADVISORY: Symantec: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20110707_00 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-233/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -- Vendor Response: Symantec has issued an update to correct this vulnerability. More details can be found at: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110707_00 -- Disclosure Timeline: 2011-04-01 - Vulnerability reported to vendor 2011-07-07 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Trust: 3.33

sources: NVD: CVE-2011-0549 // JVNDB: JVNDB-2011-004177 // ZDI: ZDI-11-233 // CNVD: CNVD-2011-2616 // BID: 48318 // VULHUB: VHN-48494 // PACKETSTORM: 102934 // PACKETSTORM: 102910

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2011-2616

AFFECTED PRODUCTS

vendor:symantecmodel:web gatewayscope:eqversion:4.5

Trust: 1.9

vendor:symantecmodel:web gatewayscope:eqversion:4.5.2.65

Trust: 1.6

vendor:symantecmodel:web gatewayscope:eqversion:4.5.1.34

Trust: 1.6

vendor:symantecmodel:web gatewayscope:eqversion:4.5.4.9

Trust: 1.6

vendor:symantecmodel:web gatewayscope:eqversion:4.5.1.44

Trust: 1.6

vendor:symantecmodel:web gatewayscope:eqversion:4.5.2.72

Trust: 1.6

vendor:symantecmodel:web gatewayscope:eqversion:4.5.2.37

Trust: 1.6

vendor:symantecmodel:web gatewayscope:eqversion:4.5.3.38

Trust: 1.6

vendor:symantecmodel:web gatewayscope:eqversion:4.5.0.326

Trust: 1.6

vendor:symantecmodel:web gatewayscope:eqversion:4.5.x

Trust: 0.8

vendor:symantecmodel:web gatewayscope: - version: -

Trust: 0.7

vendor:symantecmodel:web gatewayscope:eqversion:4.x

Trust: 0.6

vendor:symantecmodel:web gatewayscope:eqversion:4.5.0.376

Trust: 0.3

vendor:symantecmodel:web gatewayscope:neversion:5.0.1

Trust: 0.3

sources: ZDI: ZDI-11-233 // CNVD: CNVD-2011-2616 // BID: 48318 // JVNDB: JVNDB-2011-004177 // CNNVD: CNNVD-201107-109 // NVD: CVE-2011-0549

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-0549
value: HIGH

Trust: 1.0

NVD: CVE-2011-0549
value: HIGH

Trust: 0.8

ZDI: CVE-2011-0549
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201107-109
value: HIGH

Trust: 0.6

VULHUB: VHN-48494
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-0549
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.5

VULHUB: VHN-48494
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-11-233 // VULHUB: VHN-48494 // JVNDB: JVNDB-2011-004177 // CNNVD: CNNVD-201107-109 // NVD: CVE-2011-0549

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-48494 // JVNDB: JVNDB-2011-004177 // NVD: CVE-2011-0549

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 102910 // CNNVD: CNNVD-201107-109

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 102934 // CNNVD: CNNVD-201107-109

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-004177

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-48494

PATCH

title:SYM11-008url:http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20110707_00

Trust: 0.8

title:Symantec has issued an update to correct this vulnerability.url:http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110707_00

Trust: 0.7

title:Symantec Web Gateway Management Interface \"username\" SQL Injection Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/4365

Trust: 0.6

sources: ZDI: ZDI-11-233 // CNVD: CNVD-2011-2616 // JVNDB: JVNDB-2011-004177

EXTERNAL IDS

db:NVDid:CVE-2011-0549

Trust: 4.2

db:ZDIid:ZDI-11-233

Trust: 3.2

db:BIDid:48318

Trust: 2.0

db:SECUNIAid:45146

Trust: 1.9

db:SECTRACKid:1025753

Trust: 1.7

db:JVNDBid:JVNDB-2011-004177

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-1048

Trust: 0.7

db:CNNVDid:CNNVD-201107-109

Trust: 0.7

db:CNVDid:CNVD-2011-2616

Trust: 0.6

db:NSFOCUSid:17185

Trust: 0.6

db:XFid:68428

Trust: 0.6

db:PACKETSTORMid:102910

Trust: 0.2

db:VULHUBid:VHN-48494

Trust: 0.1

db:PACKETSTORMid:102934

Trust: 0.1

sources: ZDI: ZDI-11-233 // CNVD: CNVD-2011-2616 // VULHUB: VHN-48494 // BID: 48318 // JVNDB: JVNDB-2011-004177 // PACKETSTORM: 102934 // PACKETSTORM: 102910 // CNNVD: CNNVD-201107-109 // NVD: CVE-2011-0549

REFERENCES

url:http://www.zerodayinitiative.com/advisories/zdi-11-233/

Trust: 1.8

url:http://www.securityfocus.com/bid/48318

Trust: 1.7

url:http://securitytracker.com/id?1025753

Trust: 1.7

url:http://secunia.com/advisories/45146

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/68428

Trust: 1.1

url:http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110707_00

Trust: 1.0

url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110707_00

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0549

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0549

Trust: 0.8

url:http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20110707_00

Trust: 0.7

url:http://www.zerodayinitiative.com/advisories/zdi-11-233/http

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/68428

Trust: 0.6

url:http://www.nsfocus.net/vulndb/17185

Trust: 0.6

url:http://www.symantec.com/business/web-gateway

Trust: 0.3

url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110707_00

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/45146/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/45146/

Trust: 0.1

url:http://secunia.com/products/corporate/vim/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=45146

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/disclosure_policy/

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110707_00

Trust: 0.1

url:http://twitter.com/thezdi

Trust: 0.1

url:http://www.tippingpoint.com

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0549

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:http://www.zerodayinitiative.com

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/zdi-11-233

Trust: 0.1

sources: ZDI: ZDI-11-233 // CNVD: CNVD-2011-2616 // VULHUB: VHN-48494 // BID: 48318 // JVNDB: JVNDB-2011-004177 // PACKETSTORM: 102934 // PACKETSTORM: 102910 // CNNVD: CNNVD-201107-109 // NVD: CVE-2011-0549

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-11-233

SOURCES

db:ZDIid:ZDI-11-233
db:CNVDid:CNVD-2011-2616
db:VULHUBid:VHN-48494
db:BIDid:48318
db:JVNDBid:JVNDB-2011-004177
db:PACKETSTORMid:102934
db:PACKETSTORMid:102910
db:CNNVDid:CNNVD-201107-109
db:NVDid:CVE-2011-0549

LAST UPDATE DATE

2024-08-14T15:24:58.321000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-11-233date:2011-07-07T00:00:00
db:CNVDid:CNVD-2011-2616date:2011-07-11T00:00:00
db:VULHUBid:VHN-48494date:2017-08-17T00:00:00
db:BIDid:48318date:2011-07-07T00:00:00
db:JVNDBid:JVNDB-2011-004177date:2012-03-27T00:00:00
db:CNNVDid:CNNVD-201107-109date:2011-07-12T00:00:00
db:NVDid:CVE-2011-0549date:2017-08-17T01:33:36.853

SOURCES RELEASE DATE

db:ZDIid:ZDI-11-233date:2011-07-07T00:00:00
db:CNVDid:CNVD-2011-2616date:2011-07-11T00:00:00
db:VULHUBid:VHN-48494date:2011-07-11T00:00:00
db:BIDid:48318date:2011-07-07T00:00:00
db:JVNDBid:JVNDB-2011-004177date:2012-03-27T00:00:00
db:PACKETSTORMid:102934date:2011-07-08T04:36:53
db:PACKETSTORMid:102910date:2011-07-08T01:16:11
db:CNNVDid:CNNVD-201107-109date:1900-01-01T00:00:00
db:NVDid:CVE-2011-0549date:2011-07-11T20:55:00.897