What is the severity of CVE-2016-9099?

CVE-2016-9099 is classified as a medium severity vulnerability due to its potential for exploitation in phishing attacks.

How do I fix CVE-2016-9099?

To fix CVE-2016-9099, upgrade to Symantec Advanced Secure Gateway version 6.7.2.1 or later, or ProxySG version 6.5.10.6 or later.

What are the affected versions for CVE-2016-9099?

CVE-2016-9099 affects Symantec Advanced Secure Gateway versions prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, and both ProxySG 6.6 and 6.7 prior to 6.7.2.1.

Can CVE-2016-9099 be exploited remotely?

Yes, CVE-2016-9099 can be exploited remotely through a crafted management console URL in a phishing attack.

What type of vulnerability is CVE-2016-9099?

CVE-2016-9099 is classified as an open redirection vulnerability.

Vulnerability/
CVE-2016-9099

medium

6.1

CWE

601

11/5/2017

9/1/2018

6/8/2024

CVE-2016-9099

First published: Thu May 11 2017(Updated: )

Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.

Credit: secure@symantec.com

Affected Software	Affected Version	How to fix
Broadcom Symantec Advanced Secure Gateway	>=6.7<6.7.2.1
Broadcom ProxySG	>=6.5<6.5.10.6
Broadcom Symantec Advanced Secure Gateway	=6.6
Broadcom ProxySG	=6.6
Broadcom ProxySG	>=6.7<6.7.2.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9099?
CVE-2016-9099 is classified as a medium severity vulnerability due to its potential for exploitation in phishing attacks.
How do I fix CVE-2016-9099?
To fix CVE-2016-9099, upgrade to Symantec Advanced Secure Gateway version 6.7.2.1 or later, or ProxySG version 6.5.10.6 or later.
What are the affected versions for CVE-2016-9099?
CVE-2016-9099 affects Symantec Advanced Secure Gateway versions prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, and both ProxySG 6.6 and 6.7 prior to 6.7.2.1.
Can CVE-2016-9099 be exploited remotely?
Yes, CVE-2016-9099 can be exploited remotely through a crafted management console URL in a phishing attack.
What type of vulnerability is CVE-2016-9099?
CVE-2016-9099 is classified as an open redirection vulnerability.

agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/references
agent/weakness
agent/event
agent/description
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/broadcom
canonical/broadcom symantec advanced secure gateway
version/broadcom symantec advanced secure gateway/6.7
canonical/broadcom proxysg
version/broadcom proxysg/6.5
version/broadcom symantec advanced secure gateway/6.6
version/broadcom proxysg/6.6
version/broadcom proxysg/6.7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.