SUMMARY

Symantec has provided a number of security updates for the Symantec Clientless VPN Gateway 4400 Series, v5.0 with the latest hotfix that is available via the Symantec Enterprise Support site http://www.symantec.com/techsupp (SCVG5-20040806-00). Issues addressed in this hotfix were discovered during an internal product review.

AFFECTED PRODUCTS

Affected Components
Symantec Clientless VPN Gateway 4400 Series, v5.0

ISSUES

Details
This hotfix was a scheduled maintenance and feature pack update that updates several modules for the Symantec Clientless VPN Gateway 4400 Series appliances. This hotfix also addresses potential User Interface (UI) cross site scripting vulnerabilities identified during ongoing engineering efforts.

A CVE Candidate name has been requested from the Common Vulnerabilities and Exposures (CVE) initiative for this issue. This advisory will be revised accordingly upon receipt.

This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems

MITIGATION

Symantec Response
Symantec has readied and released a hotfix that addresses a number of security updates. Symantec recommends customers apply the appropriate hotfix immediately. Product specific hotfixes are available via the Symantec Enterprise Support site http://www.symantec.com/techsupp.