Symantec DLP 跨站请求伪造漏洞(CVE-2015-1485)
Symantec DLP 跨站请求伪造漏洞(CVE-2015-1485)
Symantec DLP 跨站请求伪造漏洞(CVE-2015-1485)
发布日期:2015-06-28
更新日期:2015-07-01
受影响系统:
Symantec Data Loss Prevention < 12.5.2
描述:
BUGTRAQ ID: 75289
CVE(CAN) ID: CVE-2015-1485
Symantec Data Loss Prevention (DLP)是数据丢失防护解决方案。
Symantec Data Loss Prevention (DLP) 12.5.2之前版本,Enforce Server内的管理控制台存在跨站请求伪造漏洞,远程攻击者利用此漏洞可劫持管理员身份验证。
<*来源:Symantec
Mike Czumak
链接:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=secu
*>
建议:
厂商补丁:
Symantec
--------
Symantec已经为此发布了一个安全公告(SYM15-006)以及相应补丁:
SYM15-006:Security Advisories Relating to Symantec Products - Symantec Data Loss Prevention Enforce Server Administration Console Cross-site Scripting, Cross-site Request Forgery Issues
链接:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00
本文永久更新链接地址:
评论暂时关闭