CVE-2013-4671

Symantec Web Gateway < 5.1.1 - Authenticated Cross-Site Request Forgery

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

References (5)

Core 5

Core References

Third Party Advisory x_refsource_confirm

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00

Various Sources x_refsource_misc

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/61102

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/95699

Scores

EPSS 0.0129

EPSS Percentile 79.9%

Details

CWE

CWE-352

Status published

Products (8)

symantec/web_gateway 5.0

symantec/web_gateway 5.0.1

symantec/web_gateway 5.0.2

symantec/web_gateway 5.0.3

symantec/web_gateway 5.0.3.18

symantec/web_gateway < 5.1

symantec/web_gateway_appliance_8450

symantec/web_gateway_appliance_8490

Published Aug 01, 2013

Tracked Since Feb 18, 2026