Short Name |
APP:SYMC:MESSAGING-DIR-TRAV |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Symantec Messaging Gateway Directory Traversal |
Release Date |
2013/01/09 |
Update Number |
2223 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in the Symantec Messaging Gateway. It is due to insufficient input validation. By sending crafted requests, a remote, authenticated attacker can exploit this vulnerability to disclose sensitive information on the server.
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.