var-201705-3128
Vulnerability from variot
Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site. Both Symantec ProxySG and AdvancedSecureGateway (ASG) are security gateway devices from Symantec Corporation of the United States. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3128",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proxysg",
"scope": "eq",
"trust": 1.2,
"vendor": "symantec",
"version": "6.6"
},
{
"model": "advanced secure gateway",
"scope": "eq",
"trust": 1.2,
"vendor": "symantec",
"version": "6.6"
},
{
"model": "advanced secure gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.7"
},
{
"model": "symantec proxysg",
"scope": "gte",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.7"
},
{
"model": "symantec proxysg",
"scope": "lt",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.5.10.6"
},
{
"model": "advanced secure gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.6"
},
{
"model": "symantec proxysg",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.6"
},
{
"model": "symantec proxysg",
"scope": "lt",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.7.2.1"
},
{
"model": "symantec proxysg",
"scope": "gte",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.5"
},
{
"model": "advanced secure gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.7.2.1"
},
{
"model": "proxysg",
"scope": "gte",
"trust": 0.6,
"vendor": "symantec",
"version": "6.5\u003c=6.5.10.6"
},
{
"model": "proxysg",
"scope": "gte",
"trust": 0.6,
"vendor": "symantec",
"version": "6.7\u003c=6.7.2.1"
},
{
"model": "advanced secure gateway",
"scope": "gte",
"trust": 0.6,
"vendor": "symantec",
"version": "6.7\u003c=6.7.2.1"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.7"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.6"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.5"
},
{
"model": "advanced secure gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.7"
},
{
"model": "advanced secure gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.6"
},
{
"model": "proxysg",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "6.7.2.1"
},
{
"model": "proxysg",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "6.5.10.6"
},
{
"model": "advanced secure gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "6.7.2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"db": "BID",
"id": "102455"
},
{
"db": "NVD",
"id": "CVE-2016-9099"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.7.2.1",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.10.6",
"versionStartIncluding": "6.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.7.2.1",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9099"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jakub Palaczynski and Pawel Bartunek.",
"sources": [
{
"db": "BID",
"id": "102455"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
],
"trust": 0.9
},
"cve": "CVE-2016-9099",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-01377",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-97919",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9099",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-01377",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-443",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97919",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"db": "VULHUB",
"id": "VHN-97919"
},
{
"db": "NVD",
"id": "CVE-2016-9099"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site. Both Symantec ProxySG and AdvancedSecureGateway (ASG) are security gateway devices from Symantec Corporation of the United States. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9099"
},
{
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"db": "BID",
"id": "102455"
},
{
"db": "VULHUB",
"id": "VHN-97919"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "102455",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2016-9099",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1040138",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-01377",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97919",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"db": "VULHUB",
"id": "VHN-97919"
},
{
"db": "BID",
"id": "102455"
},
{
"db": "NVD",
"id": "CVE-2016-9099"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
]
},
"id": "VAR-201705-3128",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"db": "VULHUB",
"id": "VHN-97919"
}
],
"trust": 1.3058396033333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
}
]
},
"last_update_date": "2023-12-18T12:29:14.761000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for SymantecProxySG and AdvancedSecureGateway Open Redirection Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/113935"
},
{
"title": "Symantec ProxySG and Advanced Secure Gateway Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77692"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97919"
},
{
"db": "NVD",
"id": "CVE-2016-9099"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa155"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/102455"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1040138"
},
{
"trust": 0.3,
"url": "https://www.symantec.com/products/secure-web-gateway-proxy-sg-and-asg"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"db": "VULHUB",
"id": "VHN-97919"
},
{
"db": "BID",
"id": "102455"
},
{
"db": "NVD",
"id": "CVE-2016-9099"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"db": "VULHUB",
"id": "VHN-97919"
},
{
"db": "BID",
"id": "102455"
},
{
"db": "NVD",
"id": "CVE-2016-9099"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"date": "2017-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-97919"
},
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102455"
},
{
"date": "2017-05-11T14:30:16.407000",
"db": "NVD",
"id": "CVE-2016-9099"
},
{
"date": "2018-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01377"
},
{
"date": "2021-07-08T00:00:00",
"db": "VULHUB",
"id": "VHN-97919"
},
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102455"
},
{
"date": "2021-07-08T16:37:25.740000",
"db": "NVD",
"id": "CVE-2016-9099"
},
{
"date": "2021-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Symantec ProxySG and Advanced Secure Gateway Open Redirection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01377"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "102455"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-443"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.