Vulnerabilities > CVE-2007-3095 - Authentication Bypass vulnerability in Symantec Client Security, Norton Antivirus and Reporting Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors.
Vulnerable Configurations
Nessus
| NASL family | CGI abuses |
| NASL id | SYMANTEC_REPORTING_SERVER_1_0_224.NASL |
| description | The remote host is running Symantec Reporting Server, a web-based tool for creating reports about Symantec enterprise antivirus products. The version of Symantec Reporting Server installed on the remote host allows a remote attacker to bypass authentication to various scripts and gain access to the application. Additionally, it reportedly allows a user to create a malicious executable in the process of exporting data. This could, in turn, be executed in the context of the web server user, and may display the administrator |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 25458 |
| published | 2007-06-08 |
| reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/25458 |
| title | Symantec Reporting Server < 1.0.224.0 Multiple Vulnerabilities |
References
- http://osvdb.org/36107
- http://secunia.com/advisories/25543
- http://www.securityfocus.com/bid/24325
- http://www.securitytracker.com/id?1018196
- http://www.symantec.com/avcenter/security/Content/2007.06.05.html
- http://www.vupen.com/english/advisories/2007/2074
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34895