CVE-2009-0064 - Remote Privilege Escalation vulnerability in Symantec Brightmail Gateway Appliance 7.5/7.6/7.7

047910
CVSS 9.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of arbitrary users, via vectors involving (1) administrative scripts or (2) console functions.

Seebug

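bulletinFamily: exploit
description: BUGTRAQ ID: 34641, 34639. CVE(CAN) ID: CVE-2009-0063, CVE-2009-0064. Brightmail Gateway is Symantec's information security management platform. The Brightmail Control Center, the web management console of the Brightmail Gateway appliance, does not properly filter input from external clients, so a remote attacker can carry out cross-site scripting attacks by submitting malicious requests; in addition, certain console functions may allow unprivileged Control Center users to gain elevated privileges. Symantec Brightmail Gateway 8.0; Symantec Brightmail Gateway 5.0. Symantec: the vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site: https://fileconnect.symantec.com/LangSelection.jsp
id: SSV:5108
last seen: 2017-11-19
modified: 2009-04-25
published: 2009-04-25
reporter: Root
title: Symantec Brightmail Gateway Control Center cross-site scripting and privilege escalation vulnerabilities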