ID

VAR-201705-3128


CVE

CVE-2016-9099


TITLE

Open Redirect Vulnerability in Multiple Broadcom Products

Trust: 0.8

sources: JVNDB: JVNDB-2016-009737

DESCRIPTION

Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site. Multiple Broadcom products contain an open redirect vulnerability. Information may be obtained and information may be tampered with. Both Symantec ProxySG and Advanced Secure Gateway (ASG) are security gateway devices from Symantec Corporation of the United States. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.

Trust: 2.52

sources: NVD: CVE-2016-9099 // JVNDB: JVNDB-2016-009737 // CNVD: CNVD-2018-01377 // BID: 102455 // VULHUB: VHN-97919

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-01377

AFFECTED PRODUCTS

vendor: symantec, model: proxysg, scope: eq, version: 6.6

Trust: 1.2

vendor: symantec, model: advanced secure gateway, scope: eq, version: 6.6

Trust: 1.2

vendor: broadcom, model: symantec proxysg, scope: gte, version: 6.5

Trust: 1.0

vendor: broadcom, model: symantec proxysg, scope: gte, version: 6.7

Trust: 1.0

vendor: broadcom, model: symantec proxysg, scope: lt, version: 6.7.2.1

Trust: 1.0

vendor: broadcom, model: advanced secure gateway, scope: gte, version: 6.7

Trust: 1.0

vendor: broadcom, model: advanced secure gateway, scope: eq, version: 6.6

Trust: 1.0

vendor: broadcom, model: symantec proxysg, scope: eq, version: 6.6

Trust: 1.0

vendor: broadcom, model: symantec proxysg, scope: lt, version: 6.5.10.6

Trust: 1.0

vendor: broadcom, model: advanced secure gateway, scope: lt, version: 6.7.2.1

Trust: 1.0

vendor: broadcom, model: advanced secure gateway, scope: -, version: -

Trust: 0.8

vendor: broadcom, model: symantec proxysg, scope: -, version: -

Trust: 0.8

vendor: symantec, model: proxysg, scope: gte, version: 6.5<=6.5.10.6

Trust: 0.6

vendor: symantec, model: proxysg, scope: gte, version: 6.7<=6.7.2.1

Trust: 0.6

vendor: symantec, model: advanced secure gateway, scope: gte, version: 6.7<=6.7.2.1

Trust: 0.6

vendor: bluecoat, model: proxysg, scope: eq, version: 6.7

Trust: 0.3

vendor: bluecoat, model: proxysg, scope: eq, version: 6.6

Trust: 0.3

vendor: bluecoat, model: proxysg, scope: eq, version: 6.5

Trust: 0.3

vendor: bluecoat, model: advanced secure gateway, scope: eq, version: 6.7

Trust: 0.3

vendor: bluecoat, model: advanced secure gateway, scope: eq, version: 6.6

Trust: 0.3

vendor: symantec, model: proxysg, scope: ne, version: 6.7.2.1

Trust: 0.3

vendor: symantec, model: proxysg, scope: ne, version: 6.5.10.6

Trust: 0.3

vendor: symantec, model: advanced secure gateway, scope: ne, version: 6.7.2.1

Trust: 0.3

sources: CNVD: CNVD-2018-01377 // BID: 102455 // JVNDB: JVNDB-2016-009737 // CNNVD: CNNVD-201801-443 // NVD: CVE-2016-9099

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9099
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-9099
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-01377
value: LOW

Trust: 0.6

CNNVD: CNNVD-201801-443
value: MEDIUM

Trust: 0.6

VULHUB: VHN-97919
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-9099
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-01377
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97919
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9099
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-01377 // VULHUB: VHN-97919 // JVNDB: JVNDB-2016-009737 // CNNVD: CNNVD-201801-443 // NVD: CVE-2016-9099

PROBLEMTYPE DATA

problemtype: CWE-601

Trust: 1.1

problemtype: Open redirect (CWE-601) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-97919 // JVNDB: JVNDB-2016-009737 // NVD: CVE-2016-9099

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-443

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 102455 // CNNVD: CNNVD-201801-443

PATCH

title: Patch for Symantec ProxySG and Advanced Secure Gateway Open Redirection Vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/113935

Trust: 0.6

title: Symantec ProxySG and Advanced Secure Gateway Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77692

Trust: 0.6

sources: CNVD: CNVD-2018-01377 // CNNVD: CNNVD-201801-443

EXTERNAL IDS

db: NVD, id: CVE-2016-9099

Trust: 4.2

db: BID, id: 102455

Trust: 3.4

db: SECTRACK, id: 1040138

Trust: 2.5

db: JVNDB, id: JVNDB-2016-009737

Trust: 0.8

db: CNNVD, id: CNNVD-201801-443

Trust: 0.7

db: CNVD, id: CNVD-2018-01377

Trust: 0.6

db: VULHUB, id: VHN-97919

Trust: 0.1

sources: CNVD: CNVD-2018-01377 // VULHUB: VHN-97919 // BID: 102455 // JVNDB: JVNDB-2016-009737 // CNNVD: CNNVD-201801-443 // NVD: CVE-2016-9099

REFERENCES

url: https://www.symantec.com/security-center/network-protection-security-advisories/sa155

Trust: 3.1

url: http://www.securityfocus.com/bid/102455

Trust: 3.1

url: http://www.securitytracker.com/id/1040138

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2016-9099

Trust: 0.8

url: https://www.symantec.com/products/secure-web-gateway-proxy-sg-and-asg

Trust: 0.3

sources: CNVD: CNVD-2018-01377 // VULHUB: VHN-97919 // BID: 102455 // JVNDB: JVNDB-2016-009737 // CNNVD: CNNVD-201801-443 // NVD: CVE-2016-9099

CREDITS

Jakub Palaczynski and Pawel Bartunek.

Trust: 0.9

sources: BID: 102455 // CNNVD: CNNVD-201801-443

SOURCES

db: CNVD, id: CNVD-2018-01377
db: VULHUB, id: VHN-97919
db: BID, id: 102455
db: JVNDB, id: JVNDB-2016-009737
db: CNNVD, id: CNNVD-201801-443
db: NVD, id: CVE-2016-9099

LAST UPDATE DATE

2024-11-23T21:53:31.342000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-01377, date: 2018-01-19T00:00:00
db: VULHUB, id: VHN-97919, date: 2021-07-08T00:00:00
db: BID, id: 102455, date: 2018-01-09T00:00:00
db: JVNDB, id: JVNDB-2016-009737, date: 2024-07-18T07:31:00
db: CNNVD, id: CNNVD-201801-443, date: 2021-06-28T00:00:00
db: NVD, id: CVE-2016-9099, date: 2024-11-21T03:00:35.660

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-01377, date: 2018-01-19T00:00:00
db: VULHUB, id: VHN-97919, date: 2017-05-11T00:00:00
db: BID, id: 102455, date: 2018-01-09T00:00:00
db: JVNDB, id: JVNDB-2016-009737, date: 2024-07-18T00:00:00
db: CNNVD, id: CNNVD-201801-443, date: 2018-01-12T00:00:00
db: NVD, id: CVE-2016-9099, date: 2017-05-11T14:30:16.407