CVE-2012-0297

EXPLOITED

Symantec Web Gateway <5.0.3 - RCE

Title source: llm

Description

The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.

Exploits (6)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsphp

https://www.exploit-db.com/exploits/19065

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/18942

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by muts · pythonwebappslinux

https://www.exploit-db.com/exploits/18932

View Code ZIP pw:eip

exploitdb WORKING POC

webappslinux

https://www.exploit-db.com/exploits/19406

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Unknown, juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/symantec_web_gateway_exec.rb

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Unknown, muts, sinn3r · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/symantec_web_gateway_lfi.rb

View Code ZIP pw:eip

References (3)

[Vendor Advisory] http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/75731

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/53444

Scores

EPSS 0.8946

EPSS Percentile 99.6%

Details

VulnCheck KEV 2023-12-06

CWE

CWE-264

Status published

Products (3)

symantec/web_gateway 5.0

symantec/web_gateway 5.0.1

symantec/web_gateway 5.0.2

Published May 21, 2012

Tracked Since Feb 18, 2026