PT-2017-9953 · Symantec · Symantec Advanced Secure Gateway+1
Publicado
2017-05-11
·
Atualizado
2021-07-08
·
CVE-2016-9099
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Symantec Advanced Secure Gateway (ASG) versions 6.6 through 6.7 prior to 6.7.2.1
ProxySG versions 6.5 prior to 6.5.10.6
ProxySG version 6.6
ProxySG versions 6.7 prior to 6.7.2.1
Description
The issue allows a remote attacker to use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site. This is achieved through an open redirection vulnerability.
Recommendations
For Symantec Advanced Secure Gateway (ASG) versions 6.6 through 6.7 prior to 6.7.2.1, update to version 6.7.2.1 or later.
For ProxySG versions 6.5 prior to 6.5.10.6, update to version 6.5.10.6 or later.
For ProxySG version 6.6, update to version 6.7.2.1 or later.
For ProxySG versions 6.7 prior to 6.7.2.1, update to version 6.7.2.1 or later.
Correção
Open Redirect
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Proxysg
Symantec Advanced Secure Gateway