Modification of Information in Symantec Web Gateway - CVE-2016-5313
Published: October 7, 2016 / Updated: October 10, 2016
Vulnerability identifier: #VU806
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-5313
CWE-ID: CWE-20
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Broadcom
Affected software:
Symantec Web Gateway
Symantec Web Gateway
Detailed vulnerability description
The vulnerability allows a remote authenticated user to update unauthorized whitelist.
The weakness is caused by insufficient input validation. By sending a specially crafted script atttackers can change the whitelist configuration.
Successful exploitation of the vulnerability may result in addition of unauthorized whitelist entry.
The weakness is caused by insufficient input validation. By sending a specially crafted script atttackers can change the whitelist configuration.
Successful exploitation of the vulnerability may result in addition of unauthorized whitelist entry.
How to mitigate CVE-2016-5313
Update to version 5.2.5.