Short Name |
APP:SYMC:MESSAGING-SAVE.DO-CSRF |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Symantec Messaging Gateway Save.do Cross Site Request Forgery |
Release Date |
2013/01/07 |
Update Number |
2222 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known cross-site request forgery (CSRF) vulnerability against Symantec messaging gateway. It is due to input validation errors when accepting user input. A remote, unauthenticated attacker can exploit this vulnerability by enticing a target user to view crafted web content. A successful attack may result in adding an administrator user to the system.
Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators.