[R1] Symantec Web Gateway (SWG) Multiple Vulnerabilities #1

CVE-2012-0297: The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data. (Tenable reported RCE issues in /spywall/ipchange.php and network.php, although additional issues may exist.)

CVE-2012-0297: The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors. (The issue occurs in the download() function of the /spywall/download_file.php script.)

CVE-2012-0296: Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. (Tenable reported the 'l' parameter of the timer.php script as a reflected XSS, although there may be additional scripts affected.)

CVE-2012-0299: The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors. (This flaw exists because the program does not properly verify or sanitize user-uploaded files via the upload_file() function in spywall/includes/util_functions.php. By uploading a crafted file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute commands. Note that util_functions.php is called by admin_messages.php, blocked_file.php, blocked_url.php, previewBlocked.php, and previewInfected.php. Only admin_messages.php requires authentication.)