Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Symantec Web Gateway Vulnerabilities

Created: 05 Oct 2009 • Updated: 10 Jul 2010 | 2 comments

Hi,

Just installed our new Symantec Web Gateway model 8450.  It was a snap to install, make operational and begin monitoring traffic and blocking the bad guys.

Now I've run a network vulnerability scan on the unit and it identified two problems:

1.) Squid versions 2-4 Stable 6 is vulnerable (can I upgrade this?)
2.) mod_ssl older than 2.8.7 have a buffer over which could allow users to gain a shell remotely.

Also, the SSL certificate is issued by MI5Networks; is there some way to install a proper certificate?

Thanks in advance,

steve

Discussion Filed Under:

Comments 2 CommentsJump to latest comment

KevK76's picture

Hi Steve,

My understanding is you are working with Support to verify if there are any issues here, is that correct?

Thanks,

Kevin

Earth Juice's picture

Sorry for the tardy reply kevin,

Yes, called support, vulnerabilities were patched, both symantec and GFI updates.  There is no support for altering the SSL certificate.

Take care,

steve