What is CVE-2012-0297?

CVE-2012-0297 is a vulnerability in Symantec Web_gateway, classified under CWE-264. Published 2012-05-21.

Is CVE-2012-0297 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Symantec Web_gateway

CVE-2012-0297

The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.

EPSS: 0.895 (99.6th percentile) — read the EPSS interpretation.

Affected products

Symantec Web_gateway — versions 5.0, 5.0.1, 5.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

rapid7/metasploit-framework
rapid7/metasploit-framework

References

53444 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
symantec-web-file-include(75731) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2012-0297?: CVE-2012-0297 is a vulnerability in Symantec Web_gateway, classified under CWE-264. Published 2012-05-21.
Is CVE-2012-0297 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.