|
|
|
|
| |
Credit:
The original article can be found at: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0192
The original article can be found at: http://www.securityfocus.com/bid/9755
|
| |
Vulnerable Systems:
* Symantec Symantec Gateway Security 5400 Series 2.0
A vulnerability has been reported to exist in the Symantec Gateway Security Web based management console that may allow a remote user to launch cross-site scripting attacks. The issue is reported to exist due to improper sanitizing of user-supplied data. It has been reported that HTML and script code passed to the Symantec Gateway Security Web based management console via a specially crafted URI, may be incorporated into dynamic content of a server error page.
Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials. If an attacker manages to steal a cookie for a valid session, the attacker may leverage the vulnerability to gain management rights to the affected device.
Vendor Status:
Symantec as issued an update for this vulnerablity
Patch Availability:
http://www.symantec.com/avcenter/security/Content/2004.03.03.html
CVE Information:
CVE-2004-0192
|
|
|
|
|
