VYPR
Unrated severityNVD Advisory· Published Aug 29, 2019· Updated Aug 5, 2024

CVE-2018-18371

CVE-2018-18371

Description

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.

Affected products

4
  • Symantec/ASGllm-create
    Range: < 6.7.4.2
  • Bluecoat/Proxysgllm-fuzzy
    Range: < 6.7.4.2 and < 6.5.10.15
  • Symantec Corporation/Symantec Advanced Secure Gateway (ASG)v5
    Range: 6.6 and 6.7 prior to 6.7.4.2
  • Symantec Corporation/Symantec ProxySGv5
    Range: 6.5 prior to 6.5.10.15

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.