CVE-2012-4347

Symantec Messaging Gateway 9.5.x - Authenticated Path Traversal via Log Export or Backup Restore

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-4347. PoCs published by Ben Williams, including Metasploit module auxiliary/scanner/http/symantec_brightmail_logfile.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file download vulnerability in Symantec Messaging Gateway 9.5.3-3 via directory traversal in crafted URLs. It allows authenticated attackers to retrieve sensitive files like /etc/passwd by manipulating the logFile parameter.

Description

Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.

Exploits (2)

exploitdb WORKING POC

by Ben Williams · textwebappslinux

https://www.exploit-db.com/exploits/23110

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file download vulnerability in Symantec Messaging Gateway 9.5.3-3 via directory traversal in crafted URLs. It allows authenticated attackers to retrieve sensitive files like /etc/passwd by manipulating the logFile parameter.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Symantec Messaging Gateway 9.5.3-3

Auth required

Prerequisites: Authenticated access to the web interface

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/symantec_brightmail_logfile.rb

View Code ZIP pw:eip

This Metasploit module exploits a directory traversal vulnerability in Symantec Messaging Gateway 9.5 to download arbitrary files by manipulating the 'logFile' parameter. Authentication is required to exploit this vulnerability.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Symantec Messaging Gateway 9.5

Auth required

Prerequisites: Valid credentials for Symantec Messaging Gateway · Network access to the target system

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/56789

Third Party Advisory x_refsource_confirm

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00

Scores

EPSS 0.5883

EPSS Percentile 99.0%

Details

CWE

CWE-22

Status published

Products (5)

symantec/messaging_gateway 9.5

symantec/messaging_gateway 9.5.1

symantec/messaging_gateway 9.5.2

symantec/messaging_gateway 9.5.3

symantec/messaging_gateway 9.5.4

Published Dec 05, 2012

Tracked Since Feb 18, 2026