Symantec Web Gateway SQL Injection (Aug 1, 2014)

Symantec Web Gateway is a web security gateway appliance that protects organizations against web threats, which include malicious URLs,spyware, botnets, viruses, and other types of malware.A management interface is used to monitor and manage Web Gateway deployments. The web interface uses the HTTP and HTTPS protocols.

A SQL injection vulnerability exists in clientreport.php in the management console in Symantec Web Gateway (SWG) which allows remote attackers to execute arbitrary SQL commands.The vulnerability is due to improper sanitization of the of HTTP parameters passed to PHP pages.A successful SQL injection exploit can execute SQL commands which can read sensitive data from the database or even modify existing contents.

This vulnerability has been assigned as CVE-2014-1651.

Dell SonicWALL Threat research team has observed consistent SQL injection attacks in the wild. Following graph shows recent data :

Dell SonicWALL protects against this threat with the following signature:

• 5679 SQL Injection Attack 3

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.