CVE-2012-0300

Brightmail Control Center in Symantec Message Filter 6.3 does not properly restrict establishment of sessions to the listening port, which allows remote attackers to obtain potentially sensitive version information via unspecified vectors.

CVSS v2.0 3.3 LOW

3.3^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/54136
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00	Vendor Advisory
http://www.securityfocus.com/bid/54136
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:symantec:message_filter:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:34

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/54136 -~~	() http://www.securityfocus.com/bid/54136 -
References	~~() http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 - Vendor Advisory~~	() http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 - Vendor Advisory

Information

Published : 2012-07-05 17:55

Updated : 2024-11-21 01:34

NVD link : CVE-2012-0300

Mitre link : CVE-2012-0300

CVE.ORG link : CVE-2012-0300

JSON object : View

Products Affected

symantec

message_filter

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2012-0300", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-07-05T17:55:00.980", "references": [{"url": "http://www.securityfocus.com/bid/54136", "source": "cve@mitre.org"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/54136", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Brightmail Control Center in Symantec Message Filter 6.3 does not properly restrict establishment of sessions to the listening port, which allows remote attackers to obtain potentially sensitive version information via unspecified vectors."}, {"lang": "es", "value": "Centro de control de Brightmail de Symantec Message Filter v6.3 no restringe adecuadamente el establecimiento de sesiones a trav\u00e9s del puerto de escucha, lo que permite a atacantes remotos obtener informaci\u00f3n de versi\u00f3n potencialmente sensible a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T01:34:45.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:message_filter:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FC5499F-B394-44C8-BFBA-798225AB60EC", "versionEndIncluding": "6.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}