search menu icon-carat-right cmu-wordmark

CERT Coordination Center

The ActiveX and HTML file browsers of the Symantec 4400 Series Clientless VPN Gateway contains various unspecified vulnerabilities

Vulnerability Note VU#760256

Original Release Date: 2004-10-20 | Last Revised: 2004-10-20


The ActiveX and HTML file browsers in the Symantec Clientless VPN Gateway 4400 Series contain various unspecified vulnerabilities.


The Symantec Clientless VPN Gateway 4400 Series is a stand-alone security appliance for connecting remote users to a trusted network via a virtual private network. The ActiveX and HTML file browsers included with the 4400 Series VPN Gateway contain various vulnerabilities. The specifics of the vulnerabilities are not known.


These vulnerabilities may result in unauthorized access to the system or lead to unpredictable behavior.


Apply a Hotfix

Symantec has posted a hotfix to address this issue. The hotfix is labeled Hotfix: SCVG5-20040806-00 and can be located at:

The README file describing this hotfix is available here.

Vendor Information


Symantec Corporation Affected

Updated:  October 20, 2004



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

CVSS Metrics

Group Score Vector



This vulnerability was discovered by Symantec

This document was written by Jeff Gennari.

Other Information

CVE IDs: None
Severity Metric: 0.62
Date Public: 2004-08-10
Date First Published: 2004-10-20
Date Last Updated: 2004-10-20 17:52 UTC
Document Revision: 75

Sponsored by CISA.