CVE-2017-6328

HIGH

Symantec Messaging Gateway < 10.6.3-267 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-6328. PoCs published by Dhiraj Mishra.

AI-analyzed exploit summary This is a writeup describing a CSRF vulnerability in Symantec Messaging Gateway (CVE-2017-6328) that allows an attacker to log out users by sending a crafted URL. The proof of concept outlines a method to repeatedly log out active users, effectively causing a denial of service.

Description

The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Dhiraj Mishra · textwebappsmultiple
https://www.exploit-db.com/exploits/42613

This is a writeup describing a CSRF vulnerability in Symantec Messaging Gateway (CVE-2017-6328) that allows an attacker to log out users by sending a crafted URL. The proof of concept outlines a method to repeatedly log out active users, effectively causing a denial of service.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Symantec Messaging Gateway
No auth needed
Prerequisites: Access to the target's IP address · User interaction to trigger the logout URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0214
EPSS Percentile 79.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (2)
symantec/message_gateway < 10.6.3-2
Symantec Corporation/Messaging Gateway All versions prior to version 10.6.3-267
Published Aug 11, 2017
Tracked Since Feb 18, 2026