Details of VAR-201101-0009

ID

VAR-201101-0009

CVE

CVE-2010-0115

TITLE

Symantec Web Gateway Management GUI SQL Injection Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2011-0151 // BID: 45742

DESCRIPTION

SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the management interface which listens by default on TCP port 443. While parsing requests sent to the login.php page, the process does not properly sanitize the USERNAME POST parameter. By sending a specially crafted string, a remote attacker can leverage this vulnerability to inject arbitrary SQL into the backend database on the server. Symantec Web Gateway is a Web security gateway hardware appliance. Any SQL. Exploiting this issue could allow an attacker to compromise the device, access or modify data, or exploit latent vulnerabilities in the underlying database. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more. -- Vendor Response: Symantec has issued an update to correct this vulnerability. More details can be found at: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00 -- Disclosure Timeline: 2010-09-23 - Vulnerability reported to vendor 2011-01-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * RadLSneak -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Symantec Web Gateway Management Interface "USERNAME" SQL Injection SECUNIA ADVISORY ID: SA42878 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42878/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42878 RELEASE DATE: 2011-01-14 DISCUSS ADVISORY: http://secunia.com/advisories/42878/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42878/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42878 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Symantec Web Gateway, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to compromise a vulnerable system. The vulnerability is reported in version 4.5. Other versions may also be affected. SOLUTION: Update to version 4.5.0.376 or later. PROVIDED AND/OR DISCOVERED BY: RadLSneak via ZDI. ORIGINAL ADVISORY: Symantec: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-013/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.33

sources: NVD: CVE-2010-0115 // JVNDB: JVNDB-2011-003847 // ZDI: ZDI-11-013 // CNVD: CNVD-2011-0151 // BID: 45742 // VULHUB: VHN-42720 // PACKETSTORM: 97490 // PACKETSTORM: 97526

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2011-0151

AFFECTED PRODUCTS

vendor:	symantec	model:	web gateway	scope:	eq	version:	4.5	Trust: 2.5
vendor:	symantec	model:	web gateway	scope:	eq	version:	4.5.0.327	Trust: 1.6
vendor:	symantec	model:	web gateway	scope:	eq	version:	4.5.0.325	Trust: 1.6
vendor:	symantec	model:	web gateway	scope:	eq	version:	4.5.0.326	Trust: 1.6
vendor:	symantec	model:	web gateway	scope:	eq	version:	4.5.0.376	Trust: 0.8
vendor:	symantec	model:	web gateway	scope:	lt	version:	4.5	Trust: 0.8
vendor:	symantec	model:	web gateway	scope:	-	version:	-	Trust: 0.7
vendor:	symantec	model:	web gateway	scope:	ne	version:	4.5.0.376	Trust: 0.3

sources: ZDI: ZDI-11-013 // CNVD: CNVD-2011-0151 // BID: 45742 // JVNDB: JVNDB-2011-003847 // CNNVD: CNNVD-201101-168 // NVD: CVE-2010-0115

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-0115
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-0115
value:	HIGH
Trust: 0.8
ZDI:	CVE-2010-0115
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-201101-168
value:	HIGH
Trust: 0.6
VULHUB:	VHN-42720
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-0115
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2010-0115
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
VULHUB:	VHN-42720
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: ZDI: ZDI-11-013 // VULHUB: VHN-42720 // JVNDB: JVNDB-2011-003847 // CNNVD: CNNVD-201101-168 // NVD: CVE-2010-0115

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-42720 // JVNDB: JVNDB-2011-003847 // NVD: CVE-2010-0115

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 97490 // CNNVD: CNNVD-201101-168

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 97526 // CNNVD: CNNVD-201101-168

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003847

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-42720

PATCH

title:	SYM11-001	url:	http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00	Trust: 1.5
title:	Symantec Web Gateway Management GUI SQL Injection Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/2572	Trust: 0.6

sources: ZDI: ZDI-11-013 // CNVD: CNVD-2011-0151 // JVNDB: JVNDB-2011-003847

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0115	Trust: 4.2
db:	ZDI	id:	ZDI-11-013	Trust: 3.5
db:	BID	id:	45742	Trust: 2.0
db:	SECUNIA	id:	42878	Trust: 1.9
db:	VUPEN	id:	ADV-2011-0088	Trust: 1.7
db:	SECTRACK	id:	1024958	Trust: 1.7
db:	OSVDB	id:	70415	Trust: 1.1
db:	JVNDB	id:	JVNDB-2011-003847	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-879	Trust: 0.7
db:	CNNVD	id:	CNNVD-201101-168	Trust: 0.7
db:	CNVD	id:	CNVD-2011-0151	Trust: 0.6
db:	XF	id:	64658	Trust: 0.6
db:	PACKETSTORM	id:	97490	Trust: 0.2
db:	VULHUB	id:	VHN-42720	Trust: 0.1
db:	PACKETSTORM	id:	97526	Trust: 0.1

sources: ZDI: ZDI-11-013 // CNVD: CNVD-2011-0151 // VULHUB: VHN-42720 // BID: 45742 // JVNDB: JVNDB-2011-003847 // PACKETSTORM: 97490 // PACKETSTORM: 97526 // CNNVD: CNNVD-201101-168 // NVD: CVE-2010-0115

REFERENCES

url:	http://www.zerodayinitiative.com/advisories/zdi-11-013/	Trust: 2.7
url:	http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00	Trust: 1.7
url:	http://www.securityfocus.com/bid/45742	Trust: 1.7
url:	http://www.securitytracker.com/id?1024958	Trust: 1.7
url:	http://secunia.com/advisories/42878	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2011/0088	Trust: 1.7
url:	http://osvdb.org/70415	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/64658	Trust: 1.1
url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0115	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0115	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/64658	Trust: 0.6
url:	http://www.symantec.com/business/web-gateway	Trust: 0.3
url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00	Trust: 0.1
url:	http://www.zerodayinitiative.com/advisories/disclosure_policy/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0115	Trust: 0.1
url:	http://www.zerodayinitiative.com/advisories/zdi-11-013	Trust: 0.1
url:	http://twitter.com/thezdi	Trust: 0.1
url:	http://www.zerodayinitiative.com	Trust: 0.1
url:	http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=42878	Trust: 0.1
url:	http://secunia.com/advisories/42878/	Trust: 0.1
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/products/corporate/vim/	Trust: 0.1
url:	http://secunia.com/advisories/42878/#comments	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

CREDITS

RadLSneak

Trust: 0.7

sources: ZDI: ZDI-11-013

SOURCES

db:	ZDI	id:	ZDI-11-013
db:	CNVD	id:	CNVD-2011-0151
db:	VULHUB	id:	VHN-42720
db:	BID	id:	45742
db:	JVNDB	id:	JVNDB-2011-003847
db:	PACKETSTORM	id:	97490
db:	PACKETSTORM	id:	97526
db:	CNNVD	id:	CNNVD-201101-168
db:	NVD	id:	CVE-2010-0115

LAST UPDATE DATE

2025-04-11T23:15:37.415000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-11-013	date:	2011-01-12T00:00:00
db:	CNVD	id:	CNVD-2011-0151	date:	2011-01-13T00:00:00
db:	VULHUB	id:	VHN-42720	date:	2017-08-17T00:00:00
db:	BID	id:	45742	date:	2011-01-12T19:42:00
db:	JVNDB	id:	JVNDB-2011-003847	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201101-168	date:	2011-01-17T00:00:00
db:	NVD	id:	CVE-2010-0115	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-11-013	date:	2011-01-12T00:00:00
db:	CNVD	id:	CNVD-2011-0151	date:	2011-01-13T00:00:00
db:	VULHUB	id:	VHN-42720	date:	2011-01-14T00:00:00
db:	BID	id:	45742	date:	2011-01-12T00:00:00
db:	JVNDB	id:	JVNDB-2011-003847	date:	2012-03-27T00:00:00
db:	PACKETSTORM	id:	97490	date:	2011-01-13T03:33:36
db:	PACKETSTORM	id:	97526	date:	2011-01-13T05:44:24
db:	CNNVD	id:	CNNVD-201101-168	date:	2011-01-17T00:00:00
db:	NVD	id:	CVE-2010-0115	date:	2011-01-14T23:00:44.100