CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-46825

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.0170%
EPSS Percentile5.52th
Published2022年7月7日
Last Modified2024年11月21日

Vulnerability Description

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Platforms (CPE)

📦
Broadcom

Advanced Secure Gateway

= 6.7
📦
Broadcom

Advanced Secure Gateway

= 7.3
📦
Broadcom

Proxysg

= 6.7
📦
Broadcom

Proxysg

= 7.3

References & Advisories

🔗 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20638
🔗 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20638

関連する脆弱性情報

CVE-2016-36459.8

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Da...

CVE-2018-52419.8

Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass ...

CVE-2021-306489.8

The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnera...

CVE-2016-22078.4

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x th...