VYPR
Unrated severity · NVD Advisory · Published Aug 29, 2019 · Updated Aug 5, 2024

CVE-2018-18370

Description

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.

Affected products (4)

  • Symantec/ASG
    Range: 6.6; 6.7 < 6.7.4.2
  • Bluecoat/Proxysg
    Range: 6.5 < 6.5.10.15; 6.6; 6.7 < 6.7.4.2
  • Symantec Corporation/Symantec Advanced Secure Gateway (ASG)
    Range: 6.6 and 6.7 prior to 6.7.4.2
  • Symantec Corporation/Symantec ProxySG
    Range: 6.5 prior to 6.5.10.15
