Symantec Messaging Gateway is prone to a directory-traversal vulnerability.
An attacker can exploit this issue by using directory-traversal characters ('../') to access or read arbitrary files outside of the restricted directory. Sensitive information obtained this way can be used to perform other attacks.
Versions prior to Symantec Messaging Gateway Appliance 10.6.4 are vulnerable.
Information
Symantec Messaging Gateway 10.5.2
Symantec Messaging Gateway 10.5.1
Symantec Messaging Gateway 10.5
Symantec Messaging Gateway 10.0.1
Symantec Messaging Gateway 9.5.4
Symantec Messaging Gateway 9.5.3
Symantec Messaging Gateway 9.5.3-3
Symantec Messaging Gateway 9.5.2
Symantec Messaging Gateway 9.5.1
Symantec Messaging Gateway 9.5
Symantec Messaging Gateway 10.6.2
Symantec Messaging Gateway 10.6.1-3
Symantec Messaging Gateway 10.6.1
Symantec Messaging Gateway 10.6.0-7
Symantec Messaging Gateway 10.6.0-3
Symantec Messaging Gateway 10.6
Symantec Messaging Gateway 10.1
Symantec Messaging Gateway 10.0.3
Symantec Messaging Gateway 10.0.2
Symantec Messaging Gateway 10.0
Exploit
An attacker can use readily available tools to exploit this issue.
References:
- Messaging Gateway Homepage (Symantec)
- Symantec Homepage (Symantec)
- SYM17-016: Security Advisories Relating to Symantec Products - Symantec Messagi (Symantec)