CVE-2012-4347

Symantec Messaging Gateway - Path Traversal

Description

Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.

Exploits (2)

exploitdb WORKING POC
by Ben Williams · text, webapps, linux
https://www.exploit-db.com/exploits/23110
metasploit WORKING POC
ruby, poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/symantec_brightmail_logfile.rb

Scores

EPSS 0.6971
EPSS Percentile 98.7%

Details

CWE
CWE-22
Status published
Products (5)
symantec/messaging_gateway 9.5
symantec/messaging_gateway 9.5.1
symantec/messaging_gateway 9.5.2
symantec/messaging_gateway 9.5.3
symantec/messaging_gateway 9.5.4
Published Dec 05, 2012
Tracked Since Feb 18, 2026