VAR-200412-0184
Vulnerability from variot - Updated: 2023-12-18 12:59Multiple unknown vulnerabilities in the ActiveX and HTML file browsers in Symantec Clientless VPN Gateway 4400 Series 5.0 have unknown attack vectors and unknown impact. The issues include multiple vulnerabilities related to the ActiveX and HTML file browser, cross-site scripting vulnerabilities in the end user interface, and a vulnerability in the end user interface that will allow an unauthorized user to change another user's single signon information. Remote attackers can use this vulnerability to modify other users' authentication information. No detailed vulnerability details are currently available. Cross-site scripting issues have also been reported by end users.
2) Various unspecified input validation errors within the end user UI can be exploited to conduct cross-site scripting attacks.
3) An error within the end user UI can be exploited by malicious users to manipulate other users' signon information (including username and password).
SOLUTION: A hotfix is available: ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/SCVG5-20040806-00.tgz
PROVIDED AND/OR DISCOVERED BY: Reported by vendor.
ORIGINAL ADVISORY: ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf3-readme.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0184",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clientless vpn gateway 4400",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "5.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "symantec",
"version": null
},
{
"model": "clientless vpn gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "44005.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#760256"
},
{
"db": "BID",
"id": "10903"
},
{
"db": "NVD",
"id": "CVE-2004-1483"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1172"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1483"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Symantec",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-1172"
}
],
"trust": 0.6
},
"cve": "CVE-2004-1483",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-9913",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-1483",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#760256",
"trust": 0.8,
"value": "0.62"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-1172",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-9913",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#760256"
},
{
"db": "VULHUB",
"id": "VHN-9913"
},
{
"db": "NVD",
"id": "CVE-2004-1483"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1172"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple unknown vulnerabilities in the ActiveX and HTML file browsers in Symantec Clientless VPN Gateway 4400 Series 5.0 have unknown attack vectors and unknown impact. \nThe issues include multiple vulnerabilities related to the ActiveX and HTML file browser, cross-site scripting vulnerabilities in the end user interface, and a vulnerability in the end user interface that will allow an unauthorized user to change another user\u0027s single signon information. Remote attackers can use this vulnerability to modify other users\u0027 authentication information. No detailed vulnerability details are currently available. Cross-site scripting issues have also been reported by end users. \n\n2) Various unspecified input validation errors within the end user UI\ncan be exploited to conduct cross-site scripting attacks. \n\n3) An error within the end user UI can be exploited by malicious\nusers to manipulate other users\u0027 signon information (including\nusername and password). \n\nSOLUTION:\nA hotfix is available:\nftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/SCVG5-20040806-00.tgz\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by vendor. \n\nORIGINAL ADVISORY:\nftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf3-readme.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org\n\n----------------------------------------------------------------------\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1483"
},
{
"db": "CERT/CC",
"id": "VU#760256"
},
{
"db": "BID",
"id": "10903"
},
{
"db": "VULHUB",
"id": "VHN-9913"
},
{
"db": "PACKETSTORM",
"id": "34006"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "12254",
"trust": 2.6
},
{
"db": "OSVDB",
"id": "8508",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#760256",
"trust": 2.5
},
{
"db": "BID",
"id": "10903",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2004-1483",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1010918",
"trust": 0.8
},
{
"db": "XF",
"id": "16933",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "6788",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1172",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-9913",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "34006",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#760256"
},
{
"db": "VULHUB",
"id": "VHN-9913"
},
{
"db": "BID",
"id": "10903"
},
{
"db": "PACKETSTORM",
"id": "34006"
},
{
"db": "NVD",
"id": "CVE-2004-1483"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1172"
}
]
},
"id": "VAR-200412-0184",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9913"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:59:36.534000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1483"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf3-readme.txt"
},
{
"trust": 2.6,
"url": "http://secunia.com/advisories/12254/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/10903"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/760256"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/8508"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16933"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2004/aug/1010918.html"
},
{
"trust": 0.8,
"url": "http://securityresponse.symantec.com/avcenter/security/content/2004.08.13.html"
},
{
"trust": 0.8,
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8508"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/16933"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/6788"
},
{
"trust": 0.3,
"url": "http://enterprisesecurity.symantec.com/products/products.cfm?productid=342\u0026eid=0"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3283/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#760256"
},
{
"db": "VULHUB",
"id": "VHN-9913"
},
{
"db": "BID",
"id": "10903"
},
{
"db": "PACKETSTORM",
"id": "34006"
},
{
"db": "NVD",
"id": "CVE-2004-1483"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1172"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#760256"
},
{
"db": "VULHUB",
"id": "VHN-9913"
},
{
"db": "BID",
"id": "10903"
},
{
"db": "PACKETSTORM",
"id": "34006"
},
{
"db": "NVD",
"id": "CVE-2004-1483"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1172"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-10-20T00:00:00",
"db": "CERT/CC",
"id": "VU#760256"
},
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-9913"
},
{
"date": "2004-08-06T00:00:00",
"db": "BID",
"id": "10903"
},
{
"date": "2004-08-11T00:30:13",
"db": "PACKETSTORM",
"id": "34006"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-1483"
},
{
"date": "2004-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-1172"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-10-20T00:00:00",
"db": "CERT/CC",
"id": "VU#760256"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9913"
},
{
"date": "2004-08-06T00:00:00",
"db": "BID",
"id": "10903"
},
{
"date": "2017-07-11T01:31:04.357000",
"db": "NVD",
"id": "CVE-2004-1483"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-1172"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-1172"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ActiveX and HTML file browsers of the Symantec 4400 Series Clientless VPN Gateway contains various unspecified vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#760256"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "10903"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1172"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…