HTTP: Symantec Data Center Security CVE-2014-9225 Information Disclosure
This signature detects attempts to exploit a known vulnerability against Symantec Data Center Security. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.
Extended Description
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.
Affected Products
Broadcom symantec_critical_system_protection
Short Name
HTTP:SYMC-DCS-CVE-2014-9225-ID
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2014-9225 Center Data Disclosure Information Security Symantec bid:72094
Release Date
03/23/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Broadcom
Symantec
CVSS Score
4.0