Sign-up

ID

VAR-201509-0147


CVE

CVE-2015-5691


TITLE

Symantec Web Gateway Management console running on the appliance software PHP Cross-site scripting vulnerability in script

Trust: 0.8

sources: JVNDB: JVNDB-2015-004898

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against admin_messages.php. Authentication is required to exploit this vulnerability, however it can be bypassed via reflected cross-site scripting.The specific flaw exists within the admin_messages.php file which relies on mimetypes and file extensions to block potentially dangerous file uploads. An attacker can exploit this condition to upload arbitrary files as the apache user. Due to loose sudo restrictions, an attacker can add the setuid attribute and execute arbitrary code under the context of root. Symantec Web Gateway is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The software provides web content filtering, data loss prevention, and more

Trust: 2.61

sources: NVD: CVE-2015-5691 // JVNDB: JVNDB-2015-004898 // ZDI: ZDI-15-443 // BID: 76728 // VULHUB: VHN-83652

AFFECTED PRODUCTS

vendor:symantecmodel:web gatewayscope:lteversion:5.2.2

Trust: 1.0

vendor:symantecmodel:web gatewayscope:ltversion:5.2.2 db 5.0.0.1277

Trust: 0.8

vendor:symantecmodel:web gatewayscope: - version: -

Trust: 0.7

vendor:symantecmodel:web gatewayscope:eqversion:5.2.2

Trust: 0.6

vendor:symantecmodel:web gatewayscope:eqversion:5.0.3

Trust: 0.3

vendor:symantecmodel:web gatewayscope:eqversion:5.0.1

Trust: 0.3

vendor:symantecmodel:web gatewayscope:eqversion:5.0

Trust: 0.3

vendor:symantecmodel:web gatewayscope:eqversion:4.5.0.376

Trust: 0.3

vendor:symantecmodel:web gatewayscope:eqversion:4.5

Trust: 0.3

sources: ZDI: ZDI-15-443 // BID: 76728 // JVNDB: JVNDB-2015-004898 // CNNVD: CNNVD-201509-252 // NVD: CVE-2015-5691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5691
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5691
value: MEDIUM

Trust: 0.8

ZDI: CVE-2015-5691
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201509-252
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83652
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5691
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2015-5691
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-83652
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-15-443 // VULHUB: VHN-83652 // JVNDB: JVNDB-2015-004898 // CNNVD: CNNVD-201509-252 // NVD: CVE-2015-5691

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-83652 // JVNDB: JVNDB-2015-004898 // NVD: CVE-2015-5691

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-252

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201509-252

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004898

PATCH
title:SYM15-009url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00
Trust: 1.5
sources:
            
            
            ZDI: ZDI-15-443 // 
            
            
            
            JVNDB: JVNDB-2015-004898

EXTERNAL IDS
db:NVDid:CVE-2015-5691
Trust: 3.5
db:ZDIid:ZDI-15-443
Trust: 2.4
db:BIDid:76728
Trust: 2.0
db:SECTRACKid:1033625
Trust: 1.1
db:JVNDBid:JVNDB-2015-004898
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-2917
Trust: 0.7
db:CNNVDid:CNNVD-201509-252
Trust: 0.7
db:VULHUBid:VHN-83652
Trust: 0.1
sources:
            
            
            ZDI: ZDI-15-443 // 
            
            
            
            VULHUB: VHN-83652 // 
            
            
            
            BID: 76728 // 
            
            
            
            JVNDB: JVNDB-2015-004898 // 
            
            
            
            CNNVD: CNNVD-201509-252 // 
            
            
            
            NVD: CVE-2015-5691

REFERENCES
url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00
Trust: 2.3
url:http://www.securityfocus.com/bid/76728
Trust: 1.7
url:http://www.zerodayinitiative.com/advisories/zdi-15-443/
Trust: 1.7
url:http://www.securitytracker.com/id/1033625
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5691
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5691
Trust: 0.8
url:http://www.symantec.com
Trust: 0.3
url:http://www.symantec.com/business/web-gateway
Trust: 0.3
url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00
Trust: 0.1
sources:
            
            
            ZDI: ZDI-15-443 // 
            
            
            
            VULHUB: VHN-83652 // 
            
            
            
            BID: 76728 // 
            
            
            
            JVNDB: JVNDB-2015-004898 // 
            
            
            
            CNNVD: CNNVD-201509-252 // 
            
            
            
            NVD: CVE-2015-5691

CREDITS
Jos Wetzels with LeakFree Security.
Trust: 0.9
sources:
            
            
            BID: 76728 // 
            
            
            
            CNNVD: CNNVD-201509-252

SOURCES
db:ZDIid:ZDI-15-443
db:VULHUBid:VHN-83652
db:BIDid:76728
db:JVNDBid:JVNDB-2015-004898
db:CNNVDid:CNNVD-201509-252
db:NVDid:CVE-2015-5691

LAST UPDATE DATE
2025-04-13T23:09:47.283000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-15-443date:2015-09-16T00:00:00
db:VULHUBid:VHN-83652date:2016-12-22T00:00:00
db:BIDid:76728date:2015-11-03T19:14:00
db:JVNDBid:JVNDB-2015-004898date:2015-09-29T00:00:00
db:CNNVDid:CNNVD-201509-252date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5691date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:ZDIid:ZDI-15-443date:2015-09-16T00:00:00
db:VULHUBid:VHN-83652date:2015-09-20T00:00:00
db:BIDid:76728date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004898date:2015-09-29T00:00:00
db:CNNVDid:CNNVD-201509-252date:2015-09-18T00:00:00
db:NVDid:CVE-2015-5691date:2015-09-20T20:59:06.243