CyberSec.Space Logo
Back to CVE Browser

CVE-2021-46825

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.0170%
EPSS Percentile5.52th
PublishedJul 7, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Platforms (CPE)

πŸ“¦
Broadcom

Advanced Secure Gateway

= 6.7
πŸ“¦
Broadcom

Advanced Secure Gateway

= 7.3
πŸ“¦
Broadcom

Proxysg

= 6.7
πŸ“¦
Broadcom

Proxysg

= 7.3

References & Advisories

πŸ”— https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20638
πŸ”— https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20638

Related Vulnerabilities

CVE-2016-36459.8

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Da...

CVE-2018-52419.8

Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass ...

CVE-2021-306489.8

The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnera...

CVE-2016-22078.4

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x th...