ID

VAR-201402-0109


CVE

CVE-2013-5013


TITLE

Symantec Web Gateway Cross-site scripting vulnerability in the management console running on the appliance

Trust: 0.8

sources: JVNDB: JVNDB-2013-006026

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via (1) vectors involving PHP scripts and (2) unspecified other vectors. Web script or HTML may be inserted. Symantec Web Gateway is a Web security gateway hardware appliance. Because Symantec Web Gateway failed to properly filter user-supplied input, a remote attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected user. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more.

Trust: 2.52

sources: NVD: CVE-2013-5013 // JVNDB: JVNDB-2013-006026 // CNVD: CNVD-2014-00733 // BID: 65405 // VULHUB: VHN-65015

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00733

AFFECTED PRODUCTS

vendor: symantec, model: web gateway, scope: eq, version: 5.1.1

Trust: 1.5

vendor: symantec, model: web gateway, scope: lte, version: 5.1.1

Trust: 1.0

vendor: symantec, model: web gateway, scope: lt, version: 5.2

Trust: 0.8

vendor: symantec, model: web gateway, scope: ne, version: 5.2

Trust: 0.3

sources: CNVD: CNVD-2014-00733 // BID: 65405 // JVNDB: JVNDB-2013-006026 // CNNVD: CNNVD-201402-109 // NVD: CVE-2013-5013

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5013
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5013
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00733
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201402-109
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65015
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5013
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00733
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-65015
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00733 // VULHUB: VHN-65015 // JVNDB: JVNDB-2013-006026 // CNNVD: CNNVD-201402-109 // NVD: CVE-2013-5013

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-65015 // JVNDB: JVNDB-2013-006026 // NVD: CVE-2013-5013

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-109

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201402-109

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006026

PATCH

title: SYM14-003, url: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00

Trust: 0.8

title: SYM14-003, url: http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00

Trust: 0.8

title: Symantec Web Gateway has multiple patches for unidentified cross-site scripting vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/43386

Trust: 0.6

sources: CNVD: CNVD-2014-00733 // JVNDB: JVNDB-2013-006026

EXTERNAL IDS

db: NVD, id: CVE-2013-5013

Trust: 3.4

db: BID, id: 65405

Trust: 2.6

db: OSVDB, id: 103144

Trust: 1.1

db: OSVDB, id: 103147

Trust: 1.1

db: OSVDB, id: 103145

Trust: 1.1

db: JVNDB, id: JVNDB-2013-006026

Trust: 0.8

db: CNNVD, id: CNNVD-201402-109

Trust: 0.7

db: CNVD, id: CNVD-2014-00733

Trust: 0.6

db: SECUNIA, id: 56895

Trust: 0.6

db: VULHUB, id: VHN-65015

Trust: 0.1

sources: CNVD: CNVD-2014-00733 // VULHUB: VHN-65015 // BID: 65405 // JVNDB: JVNDB-2013-006026 // CNNVD: CNNVD-201402-109 // NVD: CVE-2013-5013

REFERENCES

url:http://www.securityfocus.com/bid/65405

Trust: 2.3

url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00

Trust: 1.6

url:http://osvdb.org/103144

Trust: 1.1

url:http://osvdb.org/103145

Trust: 1.1

url:http://osvdb.org/103147

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5013

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5013

Trust: 0.8

url:http://secunia.com/advisories/56895

Trust: 0.6

url:http://www.symantec.com/business/web-gateway

Trust: 0.3

url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00

Trust: 0.1

sources: CNVD: CNVD-2014-00733 // VULHUB: VHN-65015 // BID: 65405 // JVNDB: JVNDB-2013-006026 // CNNVD: CNNVD-201402-109 // NVD: CVE-2013-5013

CREDITS

Shaun Bertrand of Creative Breakthroughs Inc, Comrade Polar Bear and William Costa

Trust: 0.3

sources: BID: 65405

SOURCES

db: CNVD, id: CNVD-2014-00733
db: VULHUB, id: VHN-65015
db: BID, id: 65405
db: JVNDB, id: JVNDB-2013-006026
db: CNNVD, id: CNNVD-201402-109
db: NVD, id: CVE-2013-5013

LAST UPDATE DATE

2025-04-11T23:07:14.143000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-00733, date: 2014-02-20T00:00:00
db: VULHUB, id: VHN-65015, date: 2015-07-30T00:00:00
db: BID, id: 65405, date: 2014-02-10T00:00:00
db: JVNDB, id: JVNDB-2013-006026, date: 2014-02-12T00:00:00
db: CNNVD, id: CNNVD-201402-109, date: 2014-02-13T00:00:00
db: NVD, id: CVE-2013-5013, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-00733, date: 2014-02-12T00:00:00
db: VULHUB, id: VHN-65015, date: 2014-02-11T00:00:00
db: BID, id: 65405, date: 2014-02-10T00:00:00
db: JVNDB, id: JVNDB-2013-006026, date: 2014-02-12T00:00:00
db: CNNVD, id: CNNVD-201402-109, date: 2014-02-13T00:00:00
db: NVD, id: CVE-2013-5013, date: 2014-02-11T02:55:08.617