CVE-2012-2953

Symantec Web Gateway <5.0.3.18 - RCE

Title source: llm

Description

The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/20113

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by muts · pythonremotelinux

https://www.exploit-db.com/exploits/20088

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by muts, sinn3r · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/symantec_web_gateway_pbcontrol.rb

View Code ZIP pw:eip

References (3)

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/108471

[Vendor Advisory] http://www.securityfocus.com/bid/54426

[Third Party Advisory] http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00

Scores

EPSS 0.8341

EPSS Percentile 99.3%

Classification

CWE

CWE-78

Status draft

Affected Products (4)

symantec/web_gateway

Timeline

Published Jul 23, 2012

Tracked Since Feb 18, 2026