CVE-2012-4347

Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:symantec:messaging_gateway:9.5:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.2:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.3:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.4:*:*:*:*:*:*:*

History

21 Nov 2024, 01:42

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/56789 - Exploit () http://www.securityfocus.com/bid/56789 - Exploit
References () http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 - () http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 -

Information

Published : 2012-12-05 11:57

Updated : 2024-11-21 01:42


NVD link : CVE-2012-4347

Mitre link : CVE-2012-4347

CVE.ORG link : CVE-2012-4347


JSON object : View

Products Affected

symantec

  • messaging_gateway
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')