Sign-up

ID

VAR-201208-0419


CVE

CVE-2012-4178


TITLE

Symantec Web Gateway 'deptUploads_data.php' SQL Injection Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2012-4034 // BID: 54721

DESCRIPTION

SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter. Symantec Web Gateway is a Web security gateway hardware appliance. Attackers can exploit the vulnerability for SQL injection attacks to obtain database sensitive information or control applications. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more

Trust: 2.52

sources: NVD: CVE-2012-4178 // JVNDB: JVNDB-2012-003512 // CNVD: CNVD-2012-4034 // BID: 54721 // VULHUB: VHN-57459

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-4034

AFFECTED PRODUCTS

vendor:symantecmodel:web gatewayscope:eqversion:5.0.3.18

Trust: 3.0

sources: CNVD: CNVD-2012-4034 // JVNDB: JVNDB-2012-003512 // CNNVD: CNNVD-201207-590 // NVD: CVE-2012-4178

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4178
value: HIGH

Trust: 1.0

NVD: CVE-2012-4178
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201207-590
value: HIGH

Trust: 0.6

VULHUB: VHN-57459
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-4178
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57459
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57459 // JVNDB: JVNDB-2012-003512 // CNNVD: CNNVD-201207-590 // NVD: CVE-2012-4178

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-57459 // JVNDB: JVNDB-2012-003512 // NVD: CVE-2012-4178

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-590

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201207-590

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-003512

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-57459

PATCH
title:Symantec Web Gatewayurl:http://www.symantec.com/web-gateway
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-003512

EXTERNAL IDS
db:NVDid:CVE-2012-4178
Trust: 2.8
db:BIDid:54721
Trust: 2.6
db:EXPLOIT-DBid:20123
Trust: 2.3
db:SECTRACKid:1027358
Trust: 1.1
db:JVNDBid:JVNDB-2012-003512
Trust: 0.8
db:CNNVDid:CNNVD-201207-590
Trust: 0.7
db:CNVDid:CNVD-2012-4034
Trust: 0.6
db:XFid:77264
Trust: 0.6
db:SEEBUGid:SSVID-74012
Trust: 0.1
db:VULHUBid:VHN-57459
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-4034 // 
            
            
            
            VULHUB: VHN-57459 // 
            
            
            
            BID: 54721 // 
            
            
            
            JVNDB: JVNDB-2012-003512 // 
            
            
            
            CNNVD: CNNVD-201207-590 // 
            
            
            
            NVD: CVE-2012-4178

REFERENCES
url:http://www.securityfocus.com/bid/54721
Trust: 1.7
url:http://www.exploit-db.com/exploits/20123
Trust: 1.7
url:http://www.securitytracker.com/id?1027358
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/77264
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4178
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4178
Trust: 0.8
url:http://www.exploit-db.com/exploits/20123/
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/77264
Trust: 0.6
url:http://www.symantec.com/business/web-gateway
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2012-4034 // 
            
            
            
            VULHUB: VHN-57459 // 
            
            
            
            BID: 54721 // 
            
            
            
            JVNDB: JVNDB-2012-003512 // 
            
            
            
            CNNVD: CNNVD-201207-590 // 
            
            
            
            NVD: CVE-2012-4178

CREDITS
@_Kc57
Trust: 0.9
sources:
            
            
            BID: 54721 // 
            
            
            
            CNNVD: CNNVD-201207-590

SOURCES
db:CNVDid:CNVD-2012-4034
db:VULHUBid:VHN-57459
db:BIDid:54721
db:JVNDBid:JVNDB-2012-003512
db:CNNVDid:CNNVD-201207-590
db:NVDid:CVE-2012-4178

LAST UPDATE DATE
2024-11-23T22:42:43.102000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-4034date:2012-08-01T00:00:00
db:VULHUBid:VHN-57459date:2017-08-29T00:00:00
db:BIDid:54721date:2012-08-09T16:22:00
db:JVNDBid:JVNDB-2012-003512date:2012-08-09T00:00:00
db:CNNVDid:CNNVD-201207-590date:2012-08-01T00:00:00
db:NVDid:CVE-2012-4178date:2024-11-21T01:42:20.073

SOURCES RELEASE DATE
db:CNVDid:CNVD-2012-4034date:2012-08-01T00:00:00
db:VULHUBid:VHN-57459date:2012-08-07T00:00:00
db:BIDid:54721date:2012-07-30T00:00:00
db:JVNDBid:JVNDB-2012-003512date:2012-08-09T00:00:00
db:CNNVDid:CNNVD-201207-590date:2012-07-30T00:00:00
db:NVDid:CVE-2012-4178date:2012-08-07T22:55:01.640