CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-46825

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.0170%
EPSS Percentile5.52th
Published2022年7月7日
Last Modified2024年11月21日

Vulnerability Description

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Platforms (CPE)

📦
Broadcom

Advanced Secure Gateway

= 6.7
📦
Broadcom

Advanced Secure Gateway

= 7.3
📦
Broadcom

Proxysg

= 6.7
📦
Broadcom

Proxysg

= 7.3

References & Advisories

🔗 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20638
🔗 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20638

相關漏洞威脅

CVE-2016-36459.8

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Da...

CVE-2018-52419.8

Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass ...

CVE-2021-306489.8

The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnera...

CVE-2016-22078.4

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x th...