VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-0114
endpoint_protection: fw_charts.php in the reporting module in the Manage...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0114

Original

fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-12-22
Source Information Category:
Advisory, Alert
Last Updated:
2010-12-22




Affected Product Tags
cpe:/a:symantec:endpoint_protection:11
cpe:/a:symantec:endpoint_protection:11.0.1
cpe:/a:symantec:endpoint_protection:11.0.1:mp1
cpe:/a:symantec:endpoint_protection:11.0.2
cpe:/a:symantec:endpoint_protection:11.0.2:mp1
cpe:/a:symantec:endpoint_protection:11.0.2:mp2
cpe:/a:symantec:endpoint_protection:11.0.3001
cpe:/a:symantec:endpoint_protection:11.0.4
cpe:/a:symantec:endpoint_protection:11.0.4:mp1a
cpe:/a:symantec:endpoint_protection:11.0.4:mp2
cpe:/a:symantec:endpoint_protection:11.0:ru5
cpe:/a:symantec:endpoint_protection:11.0:ru6
cpe:/a:symantec:endpoint_protection:11.0:ru6mp1
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
Alternatives




References
BID 45372




CONFIRM http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101215_00




MISC http://www.zerodayinitiative.com/advisories/ZDI-10-291/




SECTRACK 1024900




SECUNIA 42643




VUPEN ADV-2010-3252




Vulnerability Type Input Validation (CWE-20)




XF symantec-endpoint-fwcharts-code-execution(64118)




Copyright © 2010 JPCERT/CC All Rights Reserved.