# Symantec Clientless VPN Gateway 4400 Series Multiple Vulnerabilities



## jgvernonco (Sep 13, 2003)

Symantec Clientless VPN Gateway 4400 Series Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA12254

VERIFY ADVISORY:
http://secunia.com/advisories/12254/

CRITICAL:
Moderately critical

IMPACT:
Unknown, Cross Site Scripting, Manipulation of data

WHERE:
From remote

OPERATING SYSTEM:
Symantec Clientless VPN Gateway 4400 Series
http://secunia.com/product/3283/

DESCRIPTION:
Multiple vulnerabilities have been reported in Symantec Clientless
VPN Gateway 4400 Series, where some have an unknown impact and others
can be exploited to conduct cross-site scripting attacks or manipulate
users' signon information.

1) Various unspecified vulnerabilities affect the ActiveX and HTML
file browsers.

2) Various unspecified input validation errors within the end user UI
can be exploited to conduct cross-site scripting attacks.

3) An error within the end user UI can be exploited by malicious
users to manipulate other users' signon information (including
username and password).

SOLUTION:
A hotfix is available:
ftp://ftp.symantec.com/public/engli...lientless_vpn_5/updates/SCVG5-20040806-00.tgz

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
ftp://ftp.symantec.com/public/engli...n/sym_clientless_vpn_5/updates/hf3-readme.txt


----------

