CVE-2018-18371
N/A
N/A
Summary
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Symantec Corporation | Symantec Advanced Secure Gateway (ASG) | 6.6 and 6.7 prior to 6.7.4.2 | affected |
| Symantec Corporation | Symantec ProxySG | 6.5 prior to 6.5.10.15 | affected |
| Symantec Corporation | Symantec ProxySG | 6.6 | affected |
| Symantec Corporation | Symantec ProxySG | 6.7 prior to 6.7.4.2 | affected |
Weaknesses
- Information disclosure
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.