Signature Detail
Short Name |
APP:SYMC:WG-PBCONTROL |
|---|---|
Severity |
Critical |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Symantec Web Gateway pbcontrol.php Command Injection |
Release Date |
2012/08/01 |
Update Number |
2167 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Symantec Web Gateway pbcontrol.php Command Injection
This signature detects attempts to exploit a known command injection vulnerability in the Symantec Web Gateway. It is due to the insufficient validation of user-supplied input. In a successful code injection attack, the behavior of the target host is entirely dependent on the intended function of the injected code and executes within the security context of the process.
Extended Description
Symantec Web Gateway is prone to a vulnerability that can allow an attacker to execute arbitrary commands. Successful exploits will result in the execution of arbitrary attack-supplied commands in the context of the affected application. Symantec Web Gateway versions 5.0.x.x are vulnerable.
Affected Products
- Symantec Web Gateway 5.0.1
- Symantec Web Gateway 5.0.2.18
- Symantec Web Gateway 5.0.3
- Symantec Web Gateway 5.0.3.17
References
- BugTraq: 54426
- CVE: CVE-2012-2953
- URL: http://www.symantec.com/business/web-gateway