CVE-2012-0297
First published: Mon May 21 2012(Updated: )
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Web Gateway | =5.0 | |
| Symantec Web Gateway | =5.0.1 | |
| Symantec Web Gateway | =5.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-0297?
CVE-2012-0297 has a high severity due to its potential to allow remote code execution.
How do I fix CVE-2012-0297?
You can fix CVE-2012-0297 by updating Symantec Web Gateway to version 5.0.3 or later.
What versions of Symantec Web Gateway are affected by CVE-2012-0297?
CVE-2012-0297 affects Symantec Web Gateway versions 5.0, 5.0.1, and 5.0.2.
What type of attack does CVE-2012-0297 allow?
CVE-2012-0297 allows remote attackers to execute arbitrary code through improper access restrictions.
Is there a workaround for CVE-2012-0297?
There are no specific workarounds for CVE-2012-0297; applying the appropriate patch is recommended.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/tags
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/symantec
- canonical/symantec web gateway
- version/symantec web gateway/5.0
- version/symantec web gateway/5.0.1
- version/symantec web gateway/5.0.2