Symantec.Web.Gateway.Remote.LFI.Root.Exploit

Description

This indicates an attack attempt against an arbitrary Code Execution and an Information Disclosure vulnerability in Symantec Web Gateway.
The vulnerabilities are caused by an error when the vulnerable software handles a malicious request URI. It allows a remote attacker to execute arbitrary code or disclose information via sending a crafted URI.

Affected Products

Symantec Web Gateway 5.0.1
Symantec Web Gateway 5.0

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Best Practices
As part of normal best practices, Symantec strongly recommends:
+ Restrict access to administration or management systems to privileged users.
+ Disable remote access or restrict it to trusted/authorized systems only.
+ Keep all operating systems and applications updated with the latest vendor patches.
+ Follow a multi-layered approach to security. Run both firewall and anti-malware applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats.
+ Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities.
Apply the most recent upgrades or patches from the vendor.
http://www.symantec.com/business/web-gateway

References