Vulnerabilities > CVE-2007-0563 - Unspecified vulnerability in Symantec web Security

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
symantec
nessus
NVD
Published: 2007-01-30
Updated: 2024-11-21

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS.

Vulnerable Configurations

Part Description Count
Application
Symantec
8

Nessus

NASL familyCGI abuses
NASL idSYMANTEC_WS_DOS.NASL
descriptionAccording to its banner, the version of Symantec Web Security on the remote host is vulnerable to denial of service and cross-site scripting attacks.
last seen2020-06-01
modified2020-06-02
plugin id25446
published2007-06-07
reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/25446
titleSymantec Web Security (SWS) Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(25446);
 script_version("1.16");

 script_cve_id("CVE-2007-0563","CVE-2007-0564");
 script_bugtraq_id(22184);

 script_name(english:"Symantec Web Security (SWS) Multiple Vulnerabilities");

 script_set_attribute(attribute:"synopsis", value:
"The remote service is affected by multiple vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"According to its banner, the version of Symantec Web Security on the
remote host is vulnerable to denial of service and cross-site
scripting attacks." );
 script_set_attribute(attribute:"solution", value:
"Upgrade at least to version 3.0.1.85." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"plugin_publication_date", value: "2007/06/07");
 script_set_attribute(attribute:"vuln_publication_date", value: "2007/01/24");
 script_set_attribute(attribute:"patch_publication_date", value: "2007/01/24");
 script_cvs_date("Date: 2018/08/01 17:36:12");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe",value:"cpe:/a:symantec:web_security");
script_end_attributes();

 
 script_summary(english:"Checks for SWS flaws");
 
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
 
 script_family(english:"CGI abuses");
 script_dependencie("symantec_ws_detection.nasl");
 script_require_ports("Services/www", 8002);
 exit(0);
}

#
# The script code starts here
#

port = get_kb_item("Services/www");
if ( ! port ) port = 8002;
if(!get_port_state(port)) exit(0);

version=get_kb_item(string("www/", port, "/SWS"));
if (version) {
	if (ereg(pattern:"^(2\.|3\.0\.(0|1\.([0-9]|[1-7][0-9]|8[0-4])$))", string:version))
	{
		security_warning(port);
		set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
	}
}

References