CVE-2016-5312

MEDIUM

Symantec Messaging Gateway < 10.6.2 - Authenticated Path Traversal via ChartStream sn Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-5312. PoCs published by R-73eN.

AI-analyzed exploit summary: This exploit demonstrates a directory traversal vulnerability in Symantec Messaging Gateway <= 10.6.1. The 'sn' parameter in the ChartStream servlet is not sanitized, allowing unauthorized access to files outside the intended directory.

Description

Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream.

Exploits (1)

exploitdb WORKING POC
by R-73eN · text · webapps · java
https://www.exploit-db.com/exploits/40437

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Symantec Messaging Gateway <= 10.6.1
Auth required
Prerequisites: Access to the Symantec Messaging Gateway control center · Valid credentials for an authorized user
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93148
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036908
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40437/
Exploit, Mailing List, Third Party Advisory, VDB Entry mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Sep/71

Scores

CVSS v3 6.5
EPSS 0.5370
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
symantec/messaging_gateway < 10.6.1
Published Apr 14, 2017
Tracked Since Feb 18, 2026