CVE-2012-4347

Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:symantec:messaging_gateway:9.5.2:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.3:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.4:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.1:*:*:*:*:*:*:*

Information

Published : 2012-12-05 03:57

Updated : 2013-10-11 06:18


NVD link : CVE-2012-4347

Mitre link : CVE-2012-4347


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

symantec

  • messaging_gateway