CVE-2012-0298

Symantec Web Gateway <5.0.3 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-0298. PoCs published by S2 Crew.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in Symantec Web Gateway 5.0.2.8, including local file inclusion (LFI), arbitrary file download/delete, and remote command execution (RCE) via file upload and log poisoning. It provides clear examples of exploiting these flaws to achieve RCE.

Description

The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED
by S2 Crew · textwebappslinux
https://www.exploit-db.com/exploits/19406

This exploit demonstrates multiple vulnerabilities in Symantec Web Gateway 5.0.2.8, including local file inclusion (LFI), arbitrary file download/delete, and remote command execution (RCE) via file upload and log poisoning. It provides clear examples of exploiting these flaws to achieve RCE.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Symantec Web Gateway 5.0.2.8
No auth needed
Prerequisites: Network access to the target · Web server with vulnerable Symantec Web Gateway
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75732
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53442

Scores

EPSS 0.0944
EPSS Percentile 94.8%

Details

CWE
CWE-264
Status published
Products (3)
symantec/web_gateway 5.0
symantec/web_gateway 5.0.1
symantec/web_gateway 5.0.2
Published May 21, 2012
Tracked Since Feb 18, 2026