Video Screencast Help

SWG vulnerabilities

Created: 11 Jan 2013 | 5 comments
Atif's picture

Hi Guys,

During scanning with Symantec CCS-VM (Vulnerability Manager), we found following vulnerabilities on Symantec Web Gateway. I believe the Critical Ones are due to the fact that RA (Remote Assistance) is enabled. Would like to hear from expert how these vulnerabilities can be addressed.

Vulnerability Severity Instances
Back Orifice Backdoor Installed Critical 1
rexec' Remote Execution Service Enabled Critical 1
rlogin' Remote Login Service Enabled Critical 1
rsh' Remote Shell Service Enabled Critical 1
VNC remote control service installed Critical 1
X.509 Certificate Subject CN Does Not Match the Entity Name Severe 1
Cross Site Scripting Vulnerability Severe 1
Database Open Access Severe 1
Missing HttpOnly Flag From Cookie Severe 2
Missing Secure Flag From SSL Cookie Severe 1
TCP Sequence Number Approximation Vulnerability Severe 1
Autocomplete enabled for sensitive HTML form fields Severe 1
Self-signed TLS/SSL certificate Severe 1
Apache httpd mod_imap XSS (CVE-2007-5000) Severe 1
Weak Cryptographic Key Moderate 1
ICMP timestamp response Moderate 1
Discussion Filed Under:

Comments 5 CommentsJump to latest comment

SMLatCST's picture

"Thumbs Up" to this thread.  I'd also be curious about the results for this...

Were these vulnerablilities discovered on the MGMT or LAN interface (or both?)

Atif's picture

These are the combined vulnerabilities for both LAN and MGMT interface.

Mike Buckley's picture

Anybody that's run a pen test against SWG will see results like this.  If you raise a support case with Symantec they will address them for you.  In our case from two we reported one was a false positive (Nessus assumed a vulnerability due to a reported version number by Symantec had addressed the patch themselves) and the one we did find (actually in the list above) is receiving attention from Symantec and will be addressed in an upcoming release.

Slightly ironic that CCS-VM finds these, I'm due to run that in an environment with SWGs in place so I'll look out for this.

Symantec Corp.'s picture

Symantec is currently investigating this issue to determine the validity of these findings. We will provide additional information as soon as we’re able.

Atif's picture

Thanks. We will be waiting for Symantec response on this.